The Register reports that 45 Netgear home routers are vulnerable to a new attack and will not be getting security updates from the manufacturer to patch it.
For most of us, the internet router is just a little black or white box that sits in the hall and that you restart if the internet breaks. Your router is actually running a mini web server behind the scenes that lets you connect to change settings and perform diagnostics, and it periodically checks for updates to its firmware from the manufacturer.
These background processes unfortunately present a method of attack for hackers, who look for vulnerabilities in the web server or update mechanism and can use them to gain access to your device and network. Unfortunately for owners of 45 different models of Netgear internet router, such a vulnerability has now been discovered.
Manufacturer Netgear was made aware of the exploit six months ago but failed to fix the issue, so it was publicly disclosed in June Trend Micro's Zero Day Initiative. Public dislosure is often the final option left for security researchers who want to force hardware and software developers to fix vulnerabilities they've discovered.
Netgear won't be fixing the vulnerability in 45 affected routers even though proof-of-concept code for the attack has already been published as the firm has decided that these products are end-of-life and will no longer be issuing security updates for them. If you have one of these devices at home, it is vulnerable to attack and you should replace it. A full listing is available over at The Register and on the Netgear website.
Source: The Register
