Before buying the Netgear CM600, I was wondering if the CSRF / LocalFile / XSS product vulnerability has been fixed yet? The support entry on the issue mentions the update should be released by the end of December. The support entry was updated on 02/25/2016 supposedly, but does not mention anything about what product(s) affected (which also includes the modem CM400) have been patched.
With cable modems I know the firmware review process through each provider takes time. What firmware for the CM600 is the version(s) that have been patched of this vulnerability? I have Time Warner Cable and will want to make sure they can push out patched firmware to my unit if I end up purchasing one.
Obviously if this security issue has not been address yet nearly 4 months after the security posting was made, I will not be purchasing the CM600 and also advising the folks I know with the CM400 to replace the unit.
For the CM400 owners- what firmware version(s) should they look for that were the patched version(s)?
I say "version(s)" as I know the version numbers can vary by ISP.
