
NETGEAR Decline to Patch Security Flaw in 45 Routers and Modems

Friday, July 31st, 2020 (12:01 am) - Score 3,195

Back in June it was revealed that around 80 of NETGEAR's broadband wireless routers, modems and other products suffered from a remote code execution vulnerability, which could allow “unauthenticated remote code execution with root privileges.” The company patched some of those but seems to have no plan to patch the rest.

Details of the vulnerability can be found here and here, although The Register has spotted that NETGEAR have decided not to issue firmware fixes for 45 of their devices because. Instead the associated products on their related advisory page are simply given the following fix status: “None; outside security support period” (i.e. we’ve stopped supporting that kit so enjoy being exposed to hackers).

In fairness it’s not realistic to expect such companies to continue providing support for their networking hardware indefinitely, although a few of the models (e.g. the Nighthawk R7300DST) are a fair bit younger than some of the other devices. Owners of those might thus reasonably still expect security patches for such a vulnerability.

Brian Gorenc, Senior Director at Trend Micro, said: “Unfortunately, there are too many examples of vendors abandoning devices that are still in wide use – sometimes even when they are still available to purchase. We hope vendors clearly communicate their support and lifecycle policies so that consumers can make educated choices.”

The Products NETGEAR Refuse to Patch
AC1450
D6300
DGN2200v1
DGN2200M
DGND3700v1
LG2200D
MBM621
MBR1200
MBR1515
MBR1516
MBR624GU
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6300v1
R7300DST
WGR614v10
WGR614v8
WGR614v9
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3000RPv2
WN3000RPv3
WN3100RP
WN3100RPv2
WN3500RP
WNCE3001
WNCE3001v2
WNDR3300v1
WNDR3300v2
WNDR3400v1
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR3500v1
WNR3500Lv1
WNR3500v2
WNR834Bv2

19 Responses
  1. Q

    Most likely there will be custom firmware released like DDWRT to fix the issues.

    • mike

      That’s great if you’re technical enough to know what DD-WRT is and how to install it. For most people their router is an appliance just like their toaster and they know nothing of firmware.

  2. Draak

    Netgear is famous for leaving their routers unpatched but as long as they make them open to custom firmware it’s “fine”.

  3. Brian

    A bit of a non-story considering it’s not unusual for companies to stop supporting older hardware. I mean should Netgear support these routers for the next 100 years, i.e. where do you draw the line?

    A bit like why Apple stop supporting older iPhones with firmware/security updates after 4-5 years. Or worse, some Android handsets stop getting updates after only a couple of years. It costs time & money for companies to support older hardware, you can’t expect companies to release updates for products forever.

    • mike

      iPhone 6S is set for 7 years of updates.

      I think routers should receive updates for at least 10 years. If we can’t get stuff like this right, we’re doomed as a species. So much waste generated in the name of profit when perfectly serviceable kit has to be thrown away because of a small software flaw that can easily be fixed…

    • Paul M

      Maybe these companies shouldn’t be in the router business if they can’t set up their software development process so that it’s trivial to build a new release at any time and backport patches?
      With containers and virtual machines you can spin up a complete build and test environment quickly, and thus roll out a patch release.

  4. Pezza

    I would expect support for five years, the general consumer doesn’t know how to flash custom firmware onto their device. But their network will be wide open to threats. The article says younger routers will not be fixed which I find unfair. Seems to be a cost cutting measure on Netgear’s part I think.
    Do other makes like Asus do the same thing?

    • Draak

      > Do other makes like Asus do the same thing?

      From my experience Asus not only patches vulnerabilities in their not-so-new routers but also updates packages for new features and does it frequently. The only downside is that you need to update firmware manually.

    • Leex

      For the majority of people, this issue isn’t a problem because they don’t update their routers anyway (the majority use an ISP router so they get updates from the ISP automatically when they can be bothered to release an update to fix a security problem)

  5. John

    Draytek are still updating the firmware on the 2860, and that came out in 2013

    • Neil Mullins

      Draytek are a very solid company, I used one of their routers for years.

      Swapped to a Synology router recently, since it seems they have a similar approach to keeping their device properly patched. Though it will be interesting to see how long they provide that support, though at the moment, it seems good.

    • Smithers

      As a long time Draytek user I was about to make the very same point, but others beat me to it.

      However I have now moved on and the only Draytek device I am currently using is a Vigor 130 modem. If you want to take things to the next level, have a look at the free community edition of pfsense (you will need to provide your own hardware – unless you buy one of the pre-configured devices from Netgate).

      https://www.pfsense.org/download/

      Hardware I am using (make sure it has Intel NICs and AES-NI support on CPU)

      https://www.mini-itx.com/~JBC313

      Particularly recommend a free pfsense third party package called pfblockerNG which is like a Pi-Hole but on steroids. You can also block via ASN – handy for those firms that hard-code IP addresses to defeat DNS blocking – yes Microsoft I am looking at you!

      Icing on the cake is extensive VPN client/server support – it’s basically a corporate product suitable for the keen hobbyist. Basic install should have you easily up and running and you can then (as knowledge develops) screw your network down as hard as you like.

      Highly recommended

  6. Karl Betts

    Simple, don’t use Netgear.

  7. Chris "The Products NETGEAR Refuse to Patch" Sayers

    “The Products NETGEAR Refuse to Patch”, another pile of e-waste to add to the mountain, Netgear’s green credentials have been blown out of the water, I don’t think it’s unreasonable to expect a router to last at least 7 years, if Netgear can write these devices off it shows a complete disregard for total cost of ownership, I think their complete lack of customer care shows they are disrespecting their existing customers, sorry Netgear, as an existing customer, I will be voting with my wallet and not putting your kit in my network.

    That’s my Friday rant over.

    • Buggerlugz

      Absolutely, no reason to buy the kit if they refuse to support it. And considering how expensive Netgear’s top end routers are it’s not exactly a good advert for the company is it!

  8. Buggerlugz

    Throw away culture in a nutshell, Netgear would rather people buy new routers.

    Bonus points for anyone who can name another 20 tech companies with the exact same ethos……I’ll start you off with LG.

  9. RaptorX

    And I thought that Netgear was one of the top brands out there. Great to know that my router won’t be supported in a short while.

  10. markdj

    Another reason to use Google WiFi?

  11. Chris C

    Consumer routers from some vendors effectively get only 1 year support as new models get released annually to replace old ones, it’s a terrible state of affairs, one reason why I use pfsense on my own bare metal hardware now.

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact