Security News > 2022 > May > Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can't be fixed due to technical limitations outside of their control, and is offering users a free or discounted replacement router.
Netgear's BR200 and BR500 VPN routers are marketed as remote networking solutions for small to medium-size businesses and home offices, and provide features such as a site-2-site VPN connection, a firewall, remote configuration and monitoring, and more.
Netgear doesn't detail the vulnerabilities reported by security researcher Joel St. John, but simply says that, "In order to be exploited, these vulnerabilities require the computer managing the router to visit a malicious website or click a malicious link while accessing the router's management GUI," and that they score a high 7.1 on the CVSS scale.
The company says it is possible to mitigate the risk of exploitation by isolating the network using VLANs for enhanced security, using the the router's MAC access control lists to restrict router management to specific computers, and making sure that the computer used to access the router's management GUI is equipped with anti-virus, anti-malware, and anti-phishing software.
"Do not visit any unknown or suspicious links either in a browser or email client. Close all other browser tabs other than the router's management GUI. Make sure that you log out when you are not actively managing your router," the company advises.
For them, Netgear offers either a free SXR30 or a 50% discount on an SXR30 - depending on when the purchase was made.
News URL
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- TunnelBear VPN Review 2024: Pricing, Ease of Use & Security (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)
- D-Link tells users to trash old VPN routers over bug too dangerous to identify (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- US reportedly mulls TP-Link router ban over national security risk (source)