Your concern is a valid concern and should be addressed.

 

However, Netgear has already taken care of the issue.

 

 

What is NETGEAR doing about it?
NETGEAR takes customer security seriously and has released a firmware that fixes this issue. Details can be found on the firmware release notes articles # 29959, 29461, and 27635.
Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR will also proactively notify registered users via email.

 

Also as a suggestion from Netgaear, and one that everyone should always do is change the default settings.

 

How do I prevent this attack?
First step of all security measures is to block unauthorized access to your network. By default NETGEAR routers are pre-configured with random security SSID and passphrase. It is recommended to change the SSID and passphrase, as well as administrator password to the router setup GUI page. You can also block unauthorized device from the NETGEAR genie app or desktop application by right-clicking on the unauthorized device in the Network Map.

I would also add that I received my update from Netgear about 6 or 7 weeks ago.

@bobberuchi that is hardly a fix for several huge reasons:

(1) Netgear has confirmed that the patch that they released is only known to work on 3 out of 11 affected models. They basically said for the other 8, consider the software beta (i.e. if it works, it works, otherwise wait). Netgear knew about this for 3 months and did nothing until it recently blew up in the news. How much longer do they want people to wait?

(2) Most customers don't know how to properly setup and secure a router. And coming from someone that used to work for Best Buy they forgo the $150 network setup that costs more than the router. This means initial settings (including usernames and passwords) never get changed, making end users more vulnerable.

(3) Most routers go YEARS without firmware upgrades, making them easy exploit targets. Now that people are connecting their homes (in addition to their lives) to the internet, expect the number of exploits to go up.

(4) Best Buy is still actively selling models affected by this WITH the outdated firmware. See point 2 and realize that only 3 out of 11 have an actual confirmed fix. This tells me Netgear isn't taking it all that serious.

(5) Most customers are completely oblivious that this is even going on, which is why Netgear continues to ship routers (and Best Buy continues to sell them) without a confirmed fix for almost 75% of affected models - it should also be considered that 3 out of 11 are the best selling models on a certain online marketplace which means Netgear is almost certainly putting profits before people.

NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management

Netgear had months to patch a vulnerability in some of the most popular consumer routers on the market. It still hasn't.