Story image

NETGEAR committed to proactive approach in router vulnerability saga

02 Feb 17

This week Trustwave revealed that many NETGEAR routers are vulnerable to hacks and other cyber attacks, after certain models are plagued with the CVE-2017-5521 vulnerability.

While Trustwave claimed that Netgear was slow to address the vulnerabilities, Netgear released a statement this week saying that the vulnerability is “not a new or recent development”.

In fact, the company says it has been working with the security analysts to evaluate the vulnerability and its effects.

The company points potentially affected customers to its knowledge base article, which lists the affected routers and the firmware fix for them.  

“Firmware fixes are currently available for the majority of the affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for the model and visit the firmware release page for further instructions. For devices that are still pending final firmware updates, please follow the advised work around,” the statement says.

The company says the vulnerabilities only exist when remote management is turned on, which can usually only be done with advanced setting customisation.

“This vulnerability occurs when an attacker can gain access to the internal network or when remote management is enabled on the router. Remote management is turned off by default; although remote management can turned on through the advanced settings,” the statement continues.

Netgear says it’s committed to being proactive rather than reactive to emerging security issues, which is fundamental to the company’s product support.

“Netgear does appreciate and value having security concerns brought to our attention. We constantly monitor for both known and unknown threats.

“It is Netgear's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use Netgear products for their connectivity,” the statement concludes.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.