Seems like Netgear's firmware is more vulnerable?

[jkap]

I have an R7000, just patched. I love it but should I be concerned about Netgear firmware? If I'm not mistaken this is the second urgent update Netgear has had this year? Is there something that makes their firmware more vulnerable than other manufacturers and should I start looking elsewhere for routers?

Sent from my Pixel XL using Tapatalk

 

[RogerSC]

I'm happy to see them fixing their firmware. A lot of firmware has vulnerabilities but is never fixed, or fixed a year later if at all. If you see security fixes, that's a good thing in my book. I got a bulletin from Netgear advising me of the security problem and fixed firmware. I'm much happier than the usual case, which is that you never hear, and no fix. I don't think that Netgear's firmware is any more vulnerable than anyone else's, though. There are security problems found all the time, in all firmware. The question is whether they're fixed, and how quickly.

 

[RMerlin]

I have an R7000, just patched. I love it but should I be concerned about Netgear firmware? If I'm not mistaken this is the second urgent update Netgear has had this year? Is there something that makes their firmware more vulnerable than other manufacturers and should I start looking elsewhere for routers?

So far, I'd say Netgear is in the middle of the pack. Not better, but not worse than Linksys, DLink or Asus either. It's just a sign that hackers are starting to more actively target those routers, and all manufacturers are scrambling to fix issues caused by years and years of poor coding practice.

 

[sfx2000]

So far, I'd say Netgear is in the middle of the pack. Not better, but not worse than Linksys, DLink or Asus either. It's just a sign that hackers are starting to more actively target those routers, and all manufacturers are scrambling to fix issues caused by years and years of poor coding practice.

Netgear is feeling the pain at the moment, due to their relative success - not just in the Off-the-Shelf consumer space, but also in the carrier provided equipment domain - and there are others that play in the same spaces as well. The challenge with the CPE is the turn-around time that may be needed for the carrier/provider to approve the deployment.

I don't like seeing security issues pop up, but perhaps this is a good step moving forward with a fair amount of code review to try and find additional issues.

 

[NUTW0RX]

I never liked their vague "release notes". I also don't like the fact they no longer support https management from the LAN side; this is a poor practice.

Unfortunately after about 2-3 years these manufacturers stop providing firmware updates and you're left with a bunch of vulnerable equipment.

 

[sfx2000]

Unfortunately after about 2-3 years these manufacturers stop providing firmware updates and you're left with a bunch of vulnerable equipment.

Life cycle of most home Gateway/edge devices is about 2 years...