Computer security is essential because malicious cyber threats are on the rise and even large corporations have fallen prey to ransomware and other forms of security breaches that can bring down an entire business. A security breach can compromise sensitive customer data or even involve the loss of a company’s vital intellectual property.
This morning, networking equipment manufacturer Netgear issued a security advisory for its BR200 and BR500 routers. These two products were released a year ago and were touted as an ideal, ultra-secure router for home workers who need seamless access to their corporate network so they can work from home as if they were in the office. The idea was and is a great one, but it seems there is a problem.
The security advisory issued this morning claims that the two routers have multiple security vulnerabilities and that they simply can’t be fixed. Netgear says if you have a BR200 or a B500 you can send it back to the company and it will be exchanged for a free or discounted replacement router, depending on when the device was bought.
The vulnerability of these two routers means there could be a security breach if a user is visiting a suspicious website and clicking on a malicious link while they have the router’s built-in web interface for adjusting the router’s settings. Frankly, that’s pretty unlikely to happen but with computer security, no matter how minuscule the threat might be, it must be taken seriously. The hacker only has to get lucky once.
Hats off to Netgear’s Business Division for being open and transparent on this issue and not covering it up. I wonder how many cheaper consumer routers are being used by home workers where there are multiple vulnerabilities but the manufacturer either doesn’t know about them or hasn’t bothered to inform the customer because they can’t be fixed and are unlikely to happen.
Netgear has contacted all owners of the BR200 and BR500 routers with a list of sensible precautions they can take to limit the possibility of a security breach and that’s to be commended. I think I would probably follow their instructions and carry on using the router because both models are very good and there’s no reason why a corporate home user should even be accessing the router management interface. By limiting who can access that function using Mac filtering, the home workers IT department can eliminate the vulnerability. These changes can be made remotely by an IT department using Netgear’s Insight tools.
I’m impressed that Netgear has put its hands up and stated that the multiple vulnerabilities can’t be fixed. They’ve made an offer for anyone worried so they can claim a replacement router in the form of the SXR30 (Orbi Pro WiFi 6 Mini AX1800 Router). The BR200 and BR 500 aren’t Wi-Fi models, so this is a good upgrade.
For people who bought one of the two affected models after May 19, 2021, there is a free replacement. For those who bought before that date, Netgear is offering a 50% discount on an SXR30. Router owners can claim a new router by sending an email message to firstname.lastname@example.org with their full name and shipping address, proof of purchase and the serial number of the router.
I hope the BR200 and BR500 continue in some form because the concept of a secure router with a VPN offering direct access to a corporate network for home workers is essential in this time of hybrid working.
More info: You can read more about the security advisory by visiting this secure link to netgear.com.