"Two Business-Grade Netgear VPN Routers Have Security Vulnerabilities That Can’t be Fixed"

Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can’t be fixed due to technical limitations outside of its control, and is offering users a free or discounted replacement router. Netgear’s BR200 and BR500 VPN routers provide features such as a site-to-site VPN connection, a firewall, remote configuration and monitoring, and more. The vulnerabilities were reported to Netgear by security researcher Joel St. John. Netgear did not go into detail about the vulnerabilities but mentioned that, in order to be exploited, they require the computer managing the router to visit a malicious website or click a malicious link while accessing the router’s management GUI. The vulnerabilities score a high 7.1 on the CVSS (3.0) scale. The company says it is possible to mitigate the risk of exploitation by isolating the network using VLANs for enhanced security and by using the router’s MAC access control lists (ACLs) to restrict router management to specific computers. Organizations can also make sure that the computer used to access the router’s management GUI is equipped with anti-virus, anti-malware, and anti-phishing software.

 

Help Net Security reports: "Two Business-Grade Netgear VPN Routers Have Security Vulnerabilities That Can’t be Fixed"

Submitted by Anonymous on