Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code

The vulnerability was revealed publicly in June by Trend Micro's Zero Day Initiative (ZDI) following six months spent chivvying Netgear behind the scenes to take it seriously.
Keen-eyed Reg readers, however, noticed that Netgear quietly declared 45 of the affected products as "outside the security support period" – meaning those items won't be updated to protect them against the vulnerability.

So short of replacing your home router you may otherwise want to look at installing alternative software such as DD-WRT which supports many of the Netgear routers. Thank goodness for open source! It's important to check regularly for router software updates.

See the list of routers at If you own one of these 45 Netgear devices, replace it: Firm won't patch vulnerable gear despite live proof-of-concept code

#technology #security #networks


That's one way of speeding up the tech refresh cycle

Open post to Comment