List of remotely exploitable Netgear routers grows as beta firmware fix is released

Netgear stepped up by publishing a list of routers which are vulnerable to attack as well as releasing beta firmware to patch some of those models.

The company confirmed the existence of the flaw which US-CERT believed was dangerous enough to advise users to stop using vulnerable routers. In addition to the originally announced vulnerable Netgear routers models R6400, R7000, R8000, Netgear warned that nine other router models are also vulnerable.

Here are the 12 routers Netgear admitted are vulnerable to attack; any model with a link goes to the firmware release page and upgrade instructions.

• R6250
• R6400
• R6700
• R6900
• R7000
• R7100LG
• R7300DST
• R7900
• R8000
• D6220
• D6400
• D7000

That doesn’t necessarily mean you should breathe a sigh of relief if your router is not on the list, since Netgear said it is still testing its “entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.”

If any more routers are deemed by Netgear to be vulnerable, they will be added to the security advisory. The list above serves as informative for affected users as well as documents the original list in case additional router models are added.

Speaking of other router models which are vulnerable, security researcher Kalypto Pink has tested a wide range of Netgear routers and found others with the same flaw. Below are the models Pink listed which were not also listed by Netgear once the company finally took action.

• NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
• NetGear AD7200-Nighthawk X10 Smart WiFi Router (R9000)
• NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
• NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
• NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)

It remains to be seen if Netgear will add those to its own vulnerable router list and provide less insecure firmware.

Netgear’s official statement didn’t include the insincere platitude about how important its customers’ security is the to the company, but it did include a different statement that seems equally as questionable.

The Netgear router vulnerability was discovered by a security researcher going by Acew0rm; he said he reported the vulnerability to Netgear four months ago. So, forgive me for scoffing at Netgear’s statement of: “Being pro-active rather than re-active to emerging security issues is fundamental for product support at Netgear.”

Taking a third of a year to react only after US-CERT told vulnerable router owners to unplug them is not what I’d call pro-active.

Shodan showed almost 10,000 vulnerable Netgear routers; even after new firmware is available, there will be thousands of non-technical people who are unaware of the issue and have never manually updated router firmware.

Netgear also officially said it strives “to earn and maintain the trust of those that use Netgear products for their connectivity.” To earn and maintain my trust, the company should hurry up with listing all vulnerable models and get out new dependable firmware. If it doesn’t want its user base to turn to another brand, then the company should also avoid releasing any more statements which could be systematically ripped apart.