Netgear Leaves 45 Popular Router Models Unpatched In Wake Of Critical Remote Code Execution Security Flaw
About two months ago, a high-severity security flaw was disclosed that impacted 79 different Netgear router models. The disclosure came seven months after the flaw was first reported to Netgear, giving the company a total of nine months to patch it. Despite having plenty of time to address the high-severity flaw, Netgear has yet to issue fixes for 45 of its popular router models, leaving those owners unprotected.
Netgear confirmed last week that it would leave 45 router models unpatched with no further support; you can view the full list here. The flaw in question is a remote code execution vulnerability initially disclosed on June 15. If exploited, it would allow a network-adjacent attacker to bypass authentication on the identified routers.
Initially, 79 Netgear Wi-Fi routers and home gateway models were impacted, and 45 of them will remain unpatched because the company considers them to be outside its "security support period." Netgear confirmed in a press release that the routers in question were three years or more past the last sale date into the channel.
However, a few of the most popular router models that won't be patched can still be purchased brand-new online. One model that won't receive an update is the AC1450, which was originally produced in 2009. Some newer models will go unpatched, including the R6200 and R6200v2 from 2017, which you can still find in stores.
Buyers should stay well away from these models. Newer models, such as the Nighthawk AX4 Wi-Fi 6 router that was on sale for half off previously, did get patches. Netgear choosing not to issue a patch for its older router models, even when they're still in use by consumers and available for purchase at some retailers, is probably not a good look for the company.