
Living on a prayer? Netgear not quite halfway there with patches for 28 out of 79 vulnerable router models
2020-06-30 18:28

Netgear has now patched 28 out of 79 vulnerable router models, six months after infosec researchers first noticed security problems potentially allowing an attacker to remotely execute code as root.

Over the past few weeks Netgear has been pushing out fixes, having so far plugged problems with 28 of the 79 models it says are affected by the unwanted remote-superuser flaw.

An infosec outfit called Grimm followed that up by releasing live exploit code for two of the unfixed vulns, which stung Netgear into patching two devices early on.

"Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges," said America's Carnegie Mellon University in a note from its Software Engineering Institute summarising the problem.

The latest batch of hotfixes is available on Netgear's website, along with a health warning that full regression testing hasn't been carried out on all the affected devices.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/30/netgear_router_patches_28_of_79_done/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 757 222 619 153 92 1086