Security researchers at Trend Micro discovered a serious vulnerability in Netgear routers. The initial research showed that 79 different models were affected by the vulnerability. While Netgear has patched 28 models, the remaining 41 devices have been left without support. This means that any user of these models will be forever vulnerable to an attack that allows for the remote execution of code with root (administrative) privileges. If you’re using a Netgear router, read on to see if your model is vulnerable.
Staying safe online is getting harder to do. But when a well-known company like Netgear won’t fix known problems in their devices, it gets even harder. Netgear was given the list of vulnerable devices earlier this year and in June decided to fix 28 models. However, the remaining devices were determined to be outside the security support period and would not be patched.
Even the United States Cybersecurity & Infrastructure Security Agency (CISA) issued a release about the issue. You can read it here.
Exploit created to help encourage Netgear to patch their devices
Cybersecurity firm Grimm created an attack tool that would use the vulnerability and then showed this to Netgear. The goal was to help Netgear see how serious it was, with the hope that Netgear would patch the remaining models. Netgear declined even after seeing that the exploit was legitimate and that the vulnerability was exploitable by remote attackers.
Sometimes it’s hard to translate corporate-speak into normal English, but this one is easy: we want you to buy a new Netgear router to replace the one we won’t fix.
Not the first time
This isn’t the first time Netgear has come under attack for router vulnerabilities. Netgear has a spotty history with taking the security of their devices seriously. They are also often slow to respond and release updates.
Earlier this year, in March, Netgear released an update for a similar vulnerability for its Nighthawk product model.
In 2017, security firm Trustwave disclosed flaws in 17 different Netgear router models. Netgear released patches for those.
List of vulnerable Netgear routers
Model |
---|
AC1450 |
D6300 |
DGN2200v1 |
DGN2200M |
DGND3700v1 |
LG2200D |
MBM621 |
MBR1200 |
MBR1515 |
MBR1516 |
MBR624GU |
MBRN3000 |
MVBR1210C |
R4500 |
R6200 |
R6200v2 |
R6300v1 |
R7300DST |
WGR614v10 |
WGR614v8 |
WGR614v9 |
WGT624v4 |
WN2500RP |
WN2500RPv2 |
WN3000RP |
WN3000RPv2 |
WN3000RPv3 |
WN3100RP |
WN3100RPv2 |
WN3500RP |
WNCE3001 |
WNCE3001v2 |
WNDR3300v1 |
WNDR3300v2 |
WNDR3400v1 |
WNDR3400v2 |
WNDR3400v3 |
WNDR3700v3 |
WNDR4000 |
WNDR4500 |
WNDR4500v2 |
WNR3500v1 |
WNR3500Lv1 |
WNR3500v2 |
WNR834Bv2 |
Practices using these devices are at serious risk
If your practice is using one of the devices listed above as your Internet gateway, you need to replace it immediately. Given Netgear’s track record on issues like this, I wouldn’t replace it with another Netgear device. In fact, practices shouldn’t be using consumer-grade routers as their firewall anyway. These devices offer little protection and often have serious vulnerabilities that go unpatched by the manufacturer. Medical practices need a business-grade firewall to protect ePHI on their network.