The IT Nerd

Yesterday, I reported that Netgear has 79 different router models that are affected by a serious vulnerability that allows for the complete takeover of the router. That’s incredibly bad and far from trivial. But the thing is, we’re been here before. Netgear has a history of security issues in their products that date back many, many years. Let me cite some examples:

• In 2015 a flaw was discovered In Netgear Routers that exposed the admin password & more in an affected router
• At the end of 2016, Netgear had to roll out new router firmware to fix an (at the time) epic security issue where your router could be recruited into a botnet.
• Not long after that, another serious security hole in Netgear routers appeared that allowed a miscreant to change the settings of the router remotely.
• And not long after that flaw, yet another security flaw was found in Netgear routers that could allow a miscreant to get the admin password from a router.
• While not a security issue, Netgear router software had a critical bug that affected macOS and their response to it was shambolic.
• Not long after that, Netgear lost a pile of customer data that was stored on their cloud service.
• Oh, and here’s a good one. Netgear was caught collecting analytic data on the down low.
• And finally in late 2018, a similar issue to the one that was disclosed in the last few days appeared, and Netgear had to kick out firmware updates to address that in about 17 different routers.

Now that last incident was in 2018. and I thought that Netgear had cleaned up their act. But clearly not. Netgear has clearly not learned from their past mistakes. Instead, they repeat them.

Now one thing that I didn’t report was this fact that was pointed out by a reader:

That’s right. Netgear has known about this latest issue with their routers since January of this year. It’s currently late June, and they didn’t take action until these issues were made public. So that’s a complete #fail as it appears to the casual observer that Netgear wasn’t going to take action. And that as far as I am concerned is also the final nail in the coffin.

Netgear has basically proven that they cannot produce a router that will keep you secure. This is doubly important as we are all living in the age of everyone and their dog is working for home. As far as I am concerned, they don’t deserve a cent from you. Thus if you’re affected by their latest security issues, ditch their router right now and buy another brand of router to replace it. What brand of router should you buy? Well, anything is preferable to Netgear as I am not aware of another router brand that has the scale and history of security issues that Netgear does. Thus any other brand is an improvement over Netgear. And going forward, I would not have any Netgear product on your list for any new purchases. Nor will I recommend Netgear to my clients. In fact, I will be pulling my recommendation of the R8500 because of this security fiasco.

If Netgear wants to rescue their image, they need to give a fulsome explanation in terms of how they are going to ensure that users of their products are going to be secure going forward. And they need to bring in a third party to not only audit everything from a security standpoint in that company, but to also make sure that they aren’t just talking the talk, but they are walking the walk 100% of the time. If they want a template to work from, they should look at what Zoom is doing and copy that.

To be frank, I don’t expect Netgear to do this. The fact is, if they were the least bit serious about keeping their users safe, they would have done some or all of this already. And we wouldn’t be here talking about their security issues today. Thus let me restate my recommendation. If you have Netgear equipment, ditch it ASAP. Because they simply do not deserve your hard earned money. Plain and simple.

UPDATE: Netgear has begun to roll out fixes for this fiasco. More details here.

This entry was posted on June 23, 2020 at 8:35 am and is filed under Commentary with tags Netgear. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.