Netgear has decided not to issue firmware updates for 45 of the approximately 80 router and gateway models affected by a remote code execution vulnerability that was publicly disclosed at the end of June. If left unpatched, hackers could essentially bypass the login credentials and take control of the routers.

The idea of an attacker walking around inside a router with unfettered access to its configuration is disturbing to say the least. Fortunately, Netgear has issued a patch to address this flaw for 34 affected models, but unfortunately, the other 45 models are considered "out of (security) support period" and will not receive an update.

As ZDNet reported in June, two security researchers working for different companies discovered the flaw: one is Adam Nichols, head of the software application security team at Grimm, a cybersecurity firm in Arlington, Virginia, and the other, named d4rkness, works for the Vietnamese ISP VNPT.

Both disclosed their findings through Trend Micro's Zero Day Initiative (ZDI) program, which alerted Netgear to the vulnerability in January. days before releasing a security patch for a discovered vulnerability. In this case, Netgear had requested an extension until mid-June, but its request for another extension until the end of June was denied.

Nichols posted a proof of concept on GitHub and also outlined the technical details of the flaw in a blog post. In short, the flaw resides in the web server component of the affected model, is associated with a built-in administration panel, and can be exploited locally or remotely.

"Netgear is providing firmware updates with fixes for all supported products previously published by ZDI and Grimm. The remaining products included in the published list are not supported by us. In this particular instance, the parameters were based on the date of the product's last sale to the channel and were set to more than three years," Netgear said in a statement (via Tom's Guide).

Some of the unpatched routers date back to 2007, while others are more recent. These are not necessarily based on older standards. There are a few Wi-Fi 5 (802.11ac) models, such as the R7300DST pictured above.

A full list of affected models can be found on Netgear's related support page. If you own a model that is not patched, you should consider upgrading (check out our roundup of the best gaming routers). Otherwise, we recommend disabling the remote management feature (see your router's manual for instructions) to at least protect against this type of remote attack.