Critical security vulnerabilities in NETGEAR BR200 and BR500 routers: these issues cannot be patched

Tech firm NETGEAR released a security alert about multiple vulnerabilities in the BR200 and BR500 routers. According to the report, a successful attack requires the computer that manages the router to visit a malicious website. The flaws are considered critical and received scores above 7/10 on the Common Vulnerability Scoring System (CVSS).

Due to technical limitations in NETGEAR deployments, it has been confirmed that it is impossible to release security updates to fix the bugs. Since the flaws will remain unpatched, the company released a series of recommendations to mitigate the risk of exploitation:

  • Isolate the network using virtual local area networks (VLANs)
  • Use router MAC access control lists to restrict router management to specific computers
  • Verify that the computer used to access the router’s management GUI is protected with antivirus/anti-malware tools
  • Avoid suspicious websites or unsolicited emails
  • Close all browser tabs other than the router management GUI

To log out of the GUI of the affected routers, follow the steps below:

  • Click the logout icon (a semicircle with an outgoing arrow) at the top right of the router’s management GUI page
  • Make sure the router’s management GUI displays the message “Thank you for using the NETGEAR Web-based Router Configuration Utility”

NETGEAR is offering discounts or free replacements to users who purchased any of the affected models: those who purchased a BR200 or BR500 after May 19, 2021, are eligible to receive a free SXR30 (Orbi Pro WiFi 6 Mini AX1800 router), while those who purchased a BR200 or BR500 before that date can request a 50% discount when purchasing an SXR30.

More information about this offer can be found in the NETGEAR security alert.
