NETGEAR Decline to Patch Security Flaw in 45 Routers and Modems

Friday, Jul 31st, 2020 (12:01 am) - Score 3,729

Back in June it was revealed that around 80 of NETGEAR’s broadband wireless routers, modems and other products suffered from a remote code execution vulnerability, which could allow “unauthenticated remote code execution with root privileges.” The company patched some of those but seems to have no plan to patch the rest.

Details of the vulnerability can be found here and here, although The Register has spotted that NETGEAR have decided not to issue firmware fixes for 45 of their devices. Instead, the associated products on their related advisory page are simply given the following fix status: “None; outside security support period” (i.e. we’ve stopped supporting that kit so enjoy being exposed to hackers).

In fairness it’s not realistic to expect such companies to continue providing support for their networking hardware indefinitely, although a few of the models (e.g. the Nighthawk R7300DST) are a fair bit younger than some of the other devices. Owners of those might thus reasonably still expect security patches for such a vulnerability.


Brian Gorenc, Senior Director at Trend Micro, said: “Unfortunately, there are too many examples of vendors abandoning devices that are still in wide use – sometimes even when they are still available to purchase. We hope vendors clearly communicate their support and lifecycle policies so that consumers can make educated choices.”

The Products NETGEAR Refuse to Patch
AC1450
D6300
DGN2200v1
DGN2200M
DGND3700v1
LG2200D
MBM621
MBR1200
MBR1515
MBR1516
MBR624GU
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6300v1
R7300DST
WGR614v10
WGR614v8
WGR614v9
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3000RPv2
WN3000RPv3
WN3100RP
WN3100RPv2
WN3500RP
WNCE3001
WNCE3001v2
WNDR3300v1
WNDR3300v2
WNDR3400v1
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR3500v1
WNR3500Lv1
WNR3500v2
WNR834Bv2

By Mark Jackson
Comments
19 Responses


  1. Q says:

    Most likely there will be custom firmware released like DDWRT to fix the issues.

    1. mike says:

      That’s great if you’re technical enough to know what DD-WRT is and how to install it. For most people their router is an appliance just like their toaster and they know nothing of firmware.

  2. Draak says:

    Netgear is famous for leaving their routers unpatched but as long as they make them open to custom firmware it’s “fine”.

  3. Brian says:

    A bit of a non story considering it’s not unusual for companies to stop supporting older hardware. I mean should Netgear support these routers for the next 100 years, ie where do you draw the line?

    A bit like why Apple stop supporting older iPhones with firmware/security updates after 4-5 years. Or worse, some Android handsets stop getting updates after only a couple of years. It costs time & money for companies to support older hardware, you can’t expect companies to release updates for products forever.

    1. mike says:

      iPhone 6S is set for 7 years of updates.

      I think routers should receive updates for at least 10 years. If we can’t get stuff like this right, we’re doomed as a species. So much waste generated in the name of profit when perfectly serviceable kit has to be thrown away because of a small software flaw that can easily be fixed…

    2. Paul M says:

      Maybe these companies shouldn’t be in the router business if they can’t set up their software development process so that it’s trivial to build a new release at any time and backport patches?
      With containers and virtual machines you can spin up a complete build and test environment quickly, and thus roll out a patch release.

  4. Pezza says:

    I would expect support for five years, the general consumer doesn’t know how to flash custom firmware onto their device. But their network will be wide open to threats. The article says younger routers will not be fixed which I find unfair. Seems to be a cost cutting measure on Netgear’s part I think.
    Do other makes like Asus do the same thing?

    1. Draak says:

      > Do other makes like Asus do the same thing?

      From my experience Asus not only patches vulnerabilities in their not-so-new routers but also updates packages for new features and does it frequently. The only downside is that you need to update firmware manually.

    2. Leex says:

      For the majority of people, this issue isn’t a problem because they don’t update their routers anyway (majority use ISP router so they get updates from ISP automatically when they can be bothered to release an update to fix a security problem)

  5. John says:

    Draytek are still updating the firmware on the 2860, and that came out in 2013

    1. Neil Mullins says:

      Draytek are a very solid company, I used one of their routers for years.

      Swapped to a Synology router recently, since it seems they have a similar approach to keeping their device properly patched. Though it will be interesting to see how long they provide that support, though at the moment, it seems good.

    2. Smithers says:

      As a long time Draytek user I was about to make the very same point, but others beat me to it.

      However I have now moved on and the only Draytek device I am currently using is a Vigor 130 modem. If you want to take things to the next level, have a look at the free community edition of pfsense (you will need to provide your own hardware – unless you buy one of the pre-configured devices from Netgate).

      https://www.pfsense.org/download/

      Hardware I am using (make sure it has Intel NICs and AES-NI support on CPU)

      https://www.mini-itx.com/~JBC313

      Particularly recommend a free pfsense third party package called pfblockerNG which is like a Pi-Hole but on steroids. You can also block via ASN – handy for those firms that hard-code IP address to defeat DNS blocking – yes Microsoft I am looking at you!

      Icing on the cake is extensive VPN client/server support – it’s basically a corporate product suitable for the keen hobbyist. Basic install should have you easily up and running and you can then (as knowledge develops) screw your network down as hard as you like.

      Highly recommended

  6. Karl Betts says:

    Simple, don’t use Netgear.

  7. Chris "The Products NETGEAR Refuse to Patch" Sayers says:

    “The Products NETGEAR Refuse to Patch”, another pile of e waste to add to the mountain, Netgear’s green credentials have been blown out of the water, I don’t think it’s unreasonable to expect a router to last at least 7 years, if Netgear can write these devices off it shows a complete disregard for total cost of ownership, I think their complete lack of customer care shows they are disrespecting their existing customers, sorry Netgear, as an existing customer, I will be voting with my wallet and not putting your kit in my network.

    That’s my Friday rant over.

    1. Buggerlugz says:

      Absolutely, no reason to buy the kit if they refuse to support it. And considering how expensive Netgear’s top end routers are it’s not exactly a good advert for the company is it!

  8. Buggerlugz says:

    Throw away culture in a nutshell, Netgear would rather people buy new routers.

    Bonus points for anyone who can name another 20 tech companies with the exact same ethos……I’ll start you off with LG.

  9. RaptorX says:

    And I thought that Netgear was one of the top brands out there. Great to know that my router won’t be supported in a short while.

  10. markdj says:

    Another reason to use Google WiFi?

  11. Chris C says:

    Consumer routers from some vendors effectively get only 1 year support as new models get released annually to replace old ones, it’s a terrible state of affairs, one reason why I use pfsense on my own bare metal hardware now.
