Data: CASIE
Negative Trigger
numerous vulnerabilities in AMD's new Ryzen and EPYC processor lines. AMD has been largely quiet about these vulnerabilities in the time since, but the company assured Tom's Hardware that it hasn't forgotten about CTS Labs' report or neglected to
address
Vulnerability-related.PatchVulnerability
the flaws in its processors.
A quick recap: In March, CTS Labs
released information
Vulnerability-related.DiscoverVulnerability
on a collection of vulnerabilities in AMD's latest chips that it dubbed "Ryzenfall." These security flaws were said to
be present in
Vulnerability-related.DiscoverVulnerability
the most basic aspects of the Ryzen and EPYC processors, and after consulting with other researchers, CTS Labs decided to
publish
Vulnerability-related.DiscoverVulnerability
its findings without giving AMD the customary 90-day notice between
a vulnerability's discovery
Vulnerability-related.DiscoverVulnerability
and
its public disclosure
Vulnerability-related.DiscoverVulnerability
.
Earlier this week, CTS Labs emailed us to express concern about
the lack of updates
Vulnerability-related.PatchVulnerability
from AMD regarding these vulnerabilities. The company said it believed many of the vulnerabilities would take months to
fix
Vulnerability-related.PatchVulnerability
, with the Chimera issues requiring a hardware change that couldn't be implemented in products that have already shipped. AMD's relative silence and
lack of updates
Vulnerability-related.PatchVulnerability
apparently led CTS Labs to believe the company had stalled out. We reached out to AMD for comment and received the following in response:
Within approximately 30 days of
being notified
Vulnerability-related.DiscoverVulnerability
by CTS Labs, AMD
released
Vulnerability-related.PatchVulnerability
patches to our ecosystem partners
mitigating
Vulnerability-related.PatchVulnerability
all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches
mitigating
Vulnerability-related.PatchVulnerability
Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of
being released publicly
Vulnerability-related.PatchVulnerability
. We remain on track to
begin releasing
Vulnerability-related.PatchVulnerability
patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to
be released publicly
Vulnerability-related.PatchVulnerability
as our ecosystem partners complete their validation work.
That's still vague -- we don't know to what "ecosystem partners" these patches
have been delivered
Vulnerability-related.PatchVulnerability
nor when they should be expected to roll out -- but it does show that AMD hasn't simply forgotten about CTS Labs' report. We expect to hear more about these patches and how AMD
plans to address
Vulnerability-related.PatchVulnerability
them as the company and its partners get them ready to ship. In the meantime, it seems that much like the sky, Ryzen has yet to fall.
Yesterday, researcher Simon Kenin of Trustwave SpiderLabs
released information
Vulnerability-related.DiscoverVulnerability
about an authentication bypass flaw
affecting
Vulnerability-related.DiscoverVulnerability
a wide variety of Netgear routers, as well as PoC attack code for triggering it. The vulnerability (CVE-2017-5521) can
be exploited
Vulnerability-related.DiscoverVulnerability
by attackers to discover the password required to take over control of an affected device.
“The bug is exploitable remotely if the remote management option is set and can also
be exploited
Vulnerability-related.DiscoverVulnerability
given access to the router over LAN or WLAN,” he
explained
Vulnerability-related.DiscoverVulnerability
. “When trying to access the web panel a user is asked to authenticate, if the authentication is cancelled and password recovery is not enabled, the user is redirected to a page which exposes a password recovery token. If a user supplies the correct token to the page http://router/passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router”.
He
discovered
Vulnerability-related.DiscoverVulnerability
the vulnerability almost a year ago, but
revealed
Vulnerability-related.DiscoverVulnerability
it only now because Netgear has been slow to
push out
Vulnerability-related.PatchVulnerability
fixed firmware for affected devices. “In June [2016] Netgear published a notice that
provided
Vulnerability-related.PatchVulnerability
a fix for a small subset of vulnerable routers and a workaround for the rest. They also made the commitment to working toward 100% coverage for all affected routers,” he noted.
“The notice has been updated several times since then and currently contains 31 vulnerable models, 18 of which
are patched
Vulnerability-related.PatchVulnerability
now, and 2 models that they previously
listed as vulnerable
Vulnerability-related.DiscoverVulnerability
, but are now
listed as not vulnerable
Vulnerability-related.DiscoverVulnerability
. In fact, our tests show that one of the models
listed as not vulnerable
Vulnerability-related.DiscoverVulnerability
(DGN2200v4) is, in fact, vulnerable and this can easily be reproduced with the POC provided in our advisory”.
Trustwave
found
Vulnerability-related.DiscoverVulnerability
over 10,000 remotely accessible vulnerable devices, and estimates that there are many more non-remotely accessible affected devices in use – possibly even a million.