Martin Rakhmanov, a researcher at Trustwave (an infosec outfit), has spent the last year of his life searching for cock ups in the firmware of loads of bits of Netgear gear.
Surprisingly, the router retailer has already released software to patch the problems. You should install these patches as soon as possible to keep out Naughty People.
A massive 17 routers have a remote auth bypass bug. And it’s a real doozy. Anyone (or anything) that can get to your router’s web-based config can totally pwn you just by added &genie=1 on the end of the URL. Yup, that easy. It means anyone on the interwebs can do what they want to your box. Alter DNS, do redirects to phishing sites, malware, anything they want really. Even swop out every image for a picture of a cat.
Another awful, but not quite as awful issue is something to do with the Netgear Wi-Fi Protected Setup button. Which, is meant to, ya know, protect your Wi-Fi set up. Instead, when depressed, the button opens up a 2 minute window when a Naughty Person could run sketchy code on the router as, ahem, root. Got root? Why yes, yes I do.
Rakhmanov politely let Netgear know about how they’d dun goofed. And they responded quickly by fixing it. Which is nice.