Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can't be fixed due to technical limitations outside of its control, and is offering users a free or discounted replacement router.
Netgear's BR200 and BR500 VPN routers are marketed as remote networking solutions for small to medium-size businesses and home offices, and provide features such as a site-to-site VPN connection, a firewall, remote configuration and monitoring, and more.
Netgear doesn't detail the vulnerabilities reported by security researcher Joel St. John, but simply says that, "In order to be exploited, these vulnerabilities require the computer managing the router to visit a malicious website or click a malicious link while accessing the router's management GUI," and that they score a high 7.1 on the CVSS scale.
The company says it is possible to mitigate the risk of exploitation by isolating the network using VLANs for enhanced security, using the router's MAC access control lists to restrict router management to specific computers, and making sure that the computer used to access the router's management GUI is equipped with anti-virus, anti-malware, and anti-phishing software.
"Do not visit any unknown or suspicious links either in a browser or email client. Close all other browser tabs other than the router's management GUI. Make sure that you log out when you are not actively managing your router," the company advises.
For affected users, Netgear offers either a free SXR30 or a 50% discount on an SXR30, depending on when the purchase was made.