Security firm Trustwave has disclosed the details of several vulnerabilities affecting Netgear routers, including devices that are top-selling products on Amazon and Best Buy.

The flaws were discovered by researchers in March 2017 and they were patched by Netgear in August, September and October. One of the high severity vulnerabilities has been described as a password recovery and file access issue affecting 17 Netgear routers and modem routers, including best-sellers such as R6400, R7000 (Nighthawk), R8000 (Nighthawk X6), and R7300DST (Nighthawk DST).

Netgear has added an unwelcome guest in the newest firmware update for its popular upscale Nighthawk R7000 router. It's collecting and uploading user data.

After being dogged by some firmware glitches last year, Netgear has taken the decision to keep an eye on what its high-end router is doing, including IP and MAC addresses of your activity. A support page entry explains: "Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers. 

New vulnerabilities in Netgear routers could potentially allow hackers to hijack devices and expose passwords. The vulnerabilities could also allow malicious entities to recruit compromised devices into a botnet and use them to launch large-scale cyberattacks.

Trustwave security researcher Simon Kenin uncovered that the vulnerabilities can be exploited remotely if the routers' management options are enabled. "We have found more than ten thousand vulnerable devices that are remotely accessible. The real number of affected devices is probably in the hundreds of thousands, if not over a million," Kenin said in a Trustwave blog.

Bad news for consumers with Netgear routers: Two popular Netgear routers are vulnerable to a critical security bug that could allow attackers to run malicious code with root privileges.

Netgear's R7000 and R6400 routers, running current and latest versions of firmware, are vulnerable to arbitrary command injection attacks, though the number of users affected by the flaw is still unclear. In an advisory in Carnegie Mellon University's public vulnerability database, security researchers said that all an attacker needs to do is trick a victim into visiting a website that contains specially crafted malicious code to exploit the flaw.

Netgear, one of the most popular router manufacturers, has been vulnerable to two different flaws that could allow hackers to compromise your corporate network and connected devices.

Reported critical vulnerabilities reside in the Netgear's ProSafe NMS300 Model – a centralized and comprehensive management application for network administrators that enables them to discover, monitor, configure, and report on SNMP-based enterprise-class network devices. Simple Network Management Protocol is a network management protocol which facilitates Netgear's ProSafe NMS300 application to gather data from various network devices such as servers, printers, hubs, switches, and routers.