As ax awaits Apple's AirPort, wide swath of Netgear routers found subject to serious vulnerability
Nearly all recent Netgear home routers have a serious flaw, allowing nefarious hackers to take control of a router and use it for denial of service attacks after the router's owner simply visits a malicious website.

Netgear believes that the R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 are subject to the "command injection" attack, and the company claims to be investigating the flaw. As the attack can remotely take place on the router itself just from visiting a malicious website, Apple owners with a Netgear router are still at risk.
Another researcher has discovered that the R7000P, R7500, R7800, R8500, and R9000 are also afflicted by the flaw.
The exploit was initially published on Dec. 9, and later revealed by CERT on Dec. 11. Netgear did not go public with the issue until Dec. 12.
The original discoverer of the exploit claims that he told Netgear about the problem on Aug. 25, contrary to a public statement by Netgear claiming that the company is being "pro-active, rather than re-active" to security issues.

Near the end of November, reports started circulating that Apple may be exiting the Wi-Fi router business. Former AirPort engineers are now reportedly working on other teams, including Apple TV development.
The internal changes suggest that Apple has no plans to update its lineup of routers, including the AirPort Extreme, Time Capsule, and AirPort Express. Apple's portable AirPort Express has not even been updated to 802.11ac.
The AirPort Extreme and Time Capsule products are not currently being sold in some Apple Retail stores.

Netgear believes that the R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 are subject to the "command injection" attack, and the company claims to be investigating the flaw. As the attack can remotely take place on the router itself just from visiting a malicious website, Apple owners with a Netgear router are still at risk.
"Exploiting these vulnerabilities is trivial" -- CERT
Another researcher has discovered that the R7000P, R7500, R7800, R8500, and R9000 are also afflicted by the flaw.
The exploit was initially published on Dec. 9, and later revealed by CERT on Dec. 11. Netgear did not go public with the issue until Dec. 12.
The original discoverer of the exploit claims that he told Netgear about the problem on Aug. 25, contrary to a public statement by Netgear claiming that the company is being "pro-active, rather than re-active" to security issues.
"Exploiting these vulnerabilities is trivial," writes CERT. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."Netgear R7000 Command Injection. https://t.co/TJvVdlEokU
-- Acew0rm (@Acew0rm1)

Identifying if you're affected
Users can test to see if their router is vulnerable to the flaw from within the router's network by entering the IP address of the router, generally 192.168.1.1 in the following format:If the router reboots, then it is vulnerable to the flaw.
Rectifying the issue
The same flaw can be used to shut down the assailable web server. The fix lasts until the router restarts. After executing the command, the router's web administration tools are not available.Netgear has released beta firmware for an assortment of routers afflicted by the issue, but not all of them. The company notes that "this beta firmware has not been fully tested and might not work for all users."
Apple may be getting out of the router game
Apple's AirPort series of routers is immune to this particular attack, however, updates may not be available for that much longer.Near the end of November, reports started circulating that Apple may be exiting the Wi-Fi router business. Former AirPort engineers are now reportedly working on other teams, including Apple TV development.
The internal changes suggest that Apple has no plans to update its lineup of routers, including the AirPort Extreme, Time Capsule, and AirPort Express. Apple's portable AirPort Express has not even been updated to 802.11ac.
The AirPort Extreme and Time Capsule products are not currently being sold in some Apple Retail stores.

Comments
I buy Apple for security and simplicity and expected that to begin at my router/firewall.
At at first I thought Apple might be leaving because they got in to help spread WiFi and left when there were so many competent router makers.
Now we see that the other router makers are not always so competent and I've begun to wonder if Apple exited because the felt they didn't have the wherewithal to make a router that wouldn't be comprised, so they would leave the bad PR to the other router makers.
But I think those arguments are wrong.
Even if Apple can't add anything in terms of the product's technical spec sheet, they can add a highly credible claim that they will do their best to keep your local network secure. And when they pair that with TimeCapsule, they can make a highly credible claim to keep your data safe and secure.
Now... I'm NOT suggesting that Apple has zero security/reliability issues with their products. They aren't perfect.
But compared to alternative vendors who exist in the real world, there is no other company that I trust more (at least none that is in my price range, offering products that more or less "just work" for consumers, prosumers, and small businesses). There might occasionally be a company that offers a better product, but none that do it consistently year after year.
I really want Apple to figure out how to produce, update, and maintain more than just a small handful of products. I want a grown-up version of Apple. Some people misinterpret that to mean that I want Apple to become just like other big companies, but that's not it. I want Apple to become a grown-up version of itself -- to be the best it can be.
But, more seriously, given the relative router security in question, I must reiterate my previous suggestion
as to whether Apple actually did maintain their privacy position and standards in their disputes with the U.S. government?
Or did they do so only in public, while quietly caving in private? I hope we don't find out "the hard way",
and I hope moves like this one aren't early indicators...
Seven CVE vulnerabilities but only one since 2011. It appears all of these have been fixed by Apple.
I agree with @blastdoor and disagree with @wigby about whether routers are just dumb pipes. It's the same with encryption on iPhones. People just need to be educated about computer and router security, just like they've been educated about phishing attacks and identity theft. Apple tries to do this and gets ridiculed for it. Instead of giving up and suggesting people just don't care, we as educated computer technicians need to help spread the word about these real issues and not simply sweep them under the carpet. We have a President elect and corrupt FBI who's good at doing those things when they see the angle in doing so.
To correct an error in a prior post above about availability, these Airport products are still for sale at Apple stores both in the USA and the UK as I recently had orders filled in both countries in the last two weeks.
It is possible that a strategic decision was made regarding this segment of the ecosystem as well: if a user can attach large storage at home (4TB drives are now about $100) it might interfere/ compete with Apple's iCloud service that they charge for. Note that the new file management thingy only works to offload desktop/document files to iCloud, a service that requires a subscription for use.
But...Apple seems to be proactive about security and privacy, at least for iPhone as the cash cow. Seems like maybe they are less interested in that issue when there is no money in it for them. Color me shocked?