If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code
2020-07-30 11:28

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability - despite security researchers having published proof-of-concept exploit code.

Keen-eyed Reg readers noticed that Netgear quietly declared 45 of the affected products as "Outside the security support period" - meaning those items won't be updated to protect them against the vuln.

The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute summarised the vuln in its vulnerability note: "Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges."
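The CERT/CC wording names the bug class precisely: a fixed-size stack buffer in a CGI handler, filled from an attacker-controlled request field without a length check, in a daemon that runs as root. The C below is an added illustration of that class and of the bounded alternative; it is constructed for this page and is not Netgear firmware code. The parameter name "version", the 32-byte field size and the query-string shape are assumptions, chosen only to make the example runnable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example of the bug class described by CERT/CC (stack buffer
 * overflow in an httpd CGI handler). Not Netgear code; the parameter name
 * "version" and FIELD_MAX are assumptions made for illustration. */

#define FIELD_MAX 32

/* Vulnerable pattern: unbounded copy of an attacker-controlled request value
 * into a fixed-size stack buffer. An overlong value overwrites whatever lies
 * above the buffer on the stack (saved registers, return address), which is
 * how an unauthenticated request becomes code execution in a root daemon.
 * Returns the copied length; only safe to call with values < FIELD_MAX. */
int handle_param_vuln(const char *value)
{
    char field[FIELD_MAX];
    strcpy(field, value);               /* no length check: the bug */
    return (int)strlen(field);
}

/* Hardened pattern: refuse anything that does not fit with its terminating
 * NUL, copy with an explicit bound, and always NUL-terminate.
 * Returns the copied length, or -1 if the value is too long. */
int handle_param_safe(const char *value, char *out, size_t out_len)
{
    size_t n = strlen(value);
    if (out_len == 0 || n >= out_len)
        return -1;
    memcpy(out, value, n);
    out[n] = '\0';
    return (int)n;
}

/* Bytes an unbounded copy of `value` (plus NUL) would write beyond a
 * FIELD_MAX-byte buffer; 0 if it fits. Shows the arithmetic behind the bug. */
size_t overflow_bytes(const char *value)
{
    size_t needed = strlen(value) + 1;
    return needed > FIELD_MAX ? needed - FIELD_MAX : 0;
}

/* Bounded extraction of `key` from a key=value&key=value query string.
 * Returns the value length, -1 if it would not fit in `out`, -2 if absent.
 * Percent-decoding is omitted to keep the example short. */
int query_param(const char *query, const char *key, char *out, size_t out_len)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t seglen = end ? (size_t)(end - p) : strlen(p);
        if (seglen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = seglen - klen - 1;
            if (vlen >= out_len)
                return -1;                  /* reject instead of overflowing */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return -2;
}

int main(void)
{
    char buf[FIELD_MAX];
    /* Constructed inputs: a plausible short request and a 200-byte value. */
    const char *ok = "version=1.2.3&foo=bar";
    char longval[201];
    memset(longval, 'A', 200);
    longval[200] = '\0';

    printf("safe short: %d (%s)\n", query_param(ok, "version", buf, sizeof buf), buf);
    printf("safe long : %d\n", handle_param_safe(longval, buf, sizeof buf));
    printf("unbounded copy would overflow by %zu bytes\n", overflow_bytes(longval));

    /* Same input through the vulnerable handler. Built with -fstack-protector
     * this aborts with "stack smashing detected"; built without it, as
     * embedded firmware often is, the stack is silently corrupted. */
    handle_param_vuln(longval);
    return 0;
}
```

The point of the contrast is that the fix is not a bigger buffer but a refusal to copy more than the buffer holds: `handle_param_safe` and `query_param` return an error for the 200-byte value, while `handle_param_vuln` writes 169 bytes past the end of `field`.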

With today's revelation that 45 largely consumer and SME-grade items will never be patched, Netgear faces questions over its commitment to older product lines.

Brian Gorenc, Trend Micro's senior director of vulnerability research and head of ZDI, told The Register in a statement: "Consumers should always ensure their devices are still supported by their manufacturers. They should also check the available support before purchasing a device. Unfortunately, there are too many examples of vendors abandoning devices that are still in wide use - sometimes even when they are still available to purchase. We hope vendors clearly communicate their support and lifecycle policies so that consumers can make educated choices."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/30/netgear_abandons_45_routers_vuln_patching/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 502 8 474 462 149 1093