The Register
Netgear has now patched 28 out of 79 vulnerable router models, six months after infosec researchers first noticed security problems potentially allowing an attacker to remotely execute code as root.
The latest hotfixes come after two models were fixed earlier in June. The vulnerability in question could, for example, allow the opening of a superuser-level telnet backdoor, as we reported at the time.
Over the past few weeks Netgear has been pushing out fixes, having so far plugged problems with 28 of the 79 models it says are affected by the unwanted remote-superuser flaw.
The vulnerabilities, initially discovered by Trend Micro’s Zero Day Initiative (ZDI) in January, were meant to have been patched by 15 June. Netgear asked for an extension at the end of May for a further month, prompting the ZDI to publish an advisory note.
An infosec outfit called Grimm followed that up by releasing live exploit code for two of the unfixed vulns, which stung Netgear into patching two devices early on.