Netgear has issued firmware updates for select Wi-Fi router models that were affected by a remote code execution vulnerability discovered in mid-June. While there are dozens of SKUs potentially vulnerable to attacks, more than half of the models will not get a fix as they are ‘outside of Netgear’s support window.’
As many as 79 Netgear home Wi-Fi router models (which are sometimes used in small offices too) are defenseless against both local and over-the-internet attacks that exploit their remote code execution vulnerability.
As it turns out, perpetrators can bypass the login process to get access to the router’s web server that runs the web-based administrative interface and take control of the device.
Netgear router flaw
The security flaw was discovered by at least two security researchers over half a year ago, and Netgear was alerted about the vulnerability back in January. The findings were eventually published through Trend Micro’s Zero Day Initiative program in mid-June, months after Netgear was notified about the issue.
Netgear has issued new firmware that addresses the flaw for 34 out of 79 routers affected by the vulnerability. Meanwhile, Netgear has no plans to patch 45 models that were sold into the channel more than three years ago.
“Netgear has provided firmware updates with fixes for all supported products previously disclosed by ZDI and Grimm,” an official statement by Netgear reads. “The remaining products included in the published list are outside of our support window. In this specific instance, the parameters were based on the last sale date of the product into the channel, which was set at three years or longer.”
A number of the Wi-Fi router models that will not be patched are ancient and were launched in 2007, but a few of them support Wi-Fi 5 (802.11ac) and do not seem to be outdated at all. In fact, some are even available in retail.
The list of SKUs that will not be fixed includes the following models: