Several Netgear routers, including some of most popular models on Amazon, have been vulnerable to remote attacks for months. According to Wired, a security researcher named Andrew Rollins discovered the flaw and notified the company about it way back on August 25th but didn’t get a reply. He went public with the information after waiting for over three months, prompting Homeland Security to issue a warning a few days ago. Now, the company has finally admitted that it’s aware of the problem, named all the affected devices and released patches for some of them.
Based on Netgear’s announcement, there are 11 affected devices.
The company already issued patches for the R6250, R6400, R6700, R7000 and R8000, but you’ll have to install them manually since Netgear doesn’t have a means to push an over-the-air update. It’s unclear why the company isn’t done putting patches together for the other models — Rollins told Wired that it’s making Netgear look incompetent as the flaw is “not that hard to fix at all.”
In case you’re using any of the models that has yet to be patched, you may want to take Homeland Security’s advice. The flaw is pretty easy to exploit, after all, and a hacker could easily take control of your computers to make them part of a botnet. DHS pointed to a blog post by computer science researcher Bas van Schaik for a temporary fix, though it mentioned a much easier option you can take: stop using your router until a patch is available.