Netgear Router Vulnerability: Are You At Risk?

Tom's Guide / Marshall Honorof

Updated October 9, 2015 at 3:26 PM

Netgear Router Vulnerability: Are You At Risk?

Bad news for consumers with Netgear routers: Your device could be compromised with no solid release date for a fix. A vulnerability in two kinds of Netgear router firmware has opened more than 10,000 users up to attack, but while Netgear has updated firmware ready to go, it hasn't made any plans to release it yet.

The story comes courtesy of Threatpost, and actually begins back in July. An unnamed user noticed unusual activity on his router, and upon investigating, tracked it to an outside attack. This person then informed Compass Security, a security firm based in Rapperswil-Jona, Switzerland. Compass worked with the Swiss government to get the attack server shut down, although this process is still ongoing.

MORE: Best Antivirus Software and Apps

Compass also contacted Netgear — privately, at first, in order to give the company time to patch the flaw before other cybercriminals got wise to the scheme. Netgear did not reply until Sept. 3, when it sent Compass a test version of new firmware that was supposed to fix the vulnerability. The firmware worked, but Netgear still has no release date for the patch. As such, Compass released details about the vulnerability, as it believed that the router manufacturer was dragging its heels. Compass determined that the vulnerability has affected more than 10,000 people, mostly in the United States.

The vulnerability itself is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img versions of the firmware. If users have remote administration turned on (it's off by default), anyone with Internet access could theoretically hack into a Netgear router and pick up information from it, as well as install tracking or keylogging software. If remote administration is turned off, an attacker can still take advantage of the flaw, assuming that he or she is physically connected to the router, or on the same Wi-Fi network.

As such, even though users can't upgrade their Netgear firmware just yet, they can ensure that remote administration is turned off. To do this, you'll have to manipulate your router options. By default, your router should be accessible at either 198.16.1.1 or 192.168.0.1, but if you need further information, you can check the instructions for your model of router. It takes a little tech know-how, but it's not much more difficult than, say, adjusting the options on your Internet browser.

Beyond that, be sure to check for firmware updates regularly. The Netgear update should be out sooner rather than later. Routers are an incredibly common point of compromise in home networks, simply because users often neglect to keep them updated with the same assiduity as their computers and mobile devices.

Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Derrick Lewis strips off shorts, moons crowd in St. Louis after KO win over Rodrigo Nascimento
“I appreciate St. Louis for letting me show my naked ass tonight."
Yahoo Sports
Wide receiver rankings for 2024 fantasy football
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
Tight end rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Finance
Biden's coming new tariffs on China reflect 'lessons learned'
A sweeping White House move on China tariffs that is expected to be unveiled early next week "reflects lessons learned," according to a former official who was involved in the process.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Finance
Australian ambassador: 'American model is proving its resilience' despite threat from Chinese industrial policy
China may be outspending the US when it comes to industrial policy in sectors like electric vehicles and semiconductors, but America is winning on innovation where it can’t on price, according to one China expert.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Michael Cohen testifies in Trump hush money case

Netgear Router Vulnerability: Are You At Risk?

Recommended Stories

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

What scouts think of Bronny James' NBA prospects

NFL schedule release: Chiefs to host Ravens in 2024 season opener

Utility stocks are on fire — here are Wall Street analysts' top picks

The Spin: Making a call on 5 slumping fantasy baseball stars

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

The best RBs for 2024 fantasy football, according to our experts

Here's 1 big investing mistake you are probably still making

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The best budgeting apps for 2024

Derrick Lewis strips off shorts, moons crowd in St. Louis after KO win over Rodrigo Nascimento

Wide receiver rankings for 2024 fantasy football

Tight end rankings for fantasy football 2024

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Biden's coming new tariffs on China reflect 'lessons learned'

Social Security just passed Medicare as the government's most pressing insolvency risk

Australian ambassador: 'American model is proving its resilience' despite threat from Chinese industrial policy