Grade C · Moderate Risk

Is AT&T Router Safe?

AT&T gateways are US-managed ISP routers. The BGW320 rates C. Older models (NVG589, BGW210) are end-of-life D-grade. Full security analysis.

Security Verdict

AT&T gateways are ISP-provided routers managed by AT&T (Dallas, TX), a US company. There is no Chinese ownership risk or FCC ban concern. AT&T's situation is mixed depending on which model you have. The BGW320 (current model, hardware by Humax of South Korea) rates C - it receives active firmware updates and has reasonable security. Older models including the NVG589 and BGW210 are end-of-life and rate D - they no longer receive security patches. If you are on an older AT&T gateway, firmware vulnerabilities will never be fixed.

Bottom line: BGW320: Acceptable. Older NVG/BGW models: replace or add your own router in front of them.

AT&T Models - Security Grades

All AT&T models in our database. Click a model for its full security report.

Model	Grade	FCC Status	Security Support	Made In
BGW320	C	FCC authorized	Managed by AT&T	South Korea (Humax)
BGW210	D	Authorized (aging)	Limited - aging hardware	China (Pace/CommScope)
NVG589	D	Authorized (aging)	End of active support	China (Pace)
NVG599	D	Authorized (aging)	Limited - aging hardware	China (Motorola/Arris)

Actual Hardware AT&T Deploys

When you lease equipment from AT&T, these are the specific router and gateway models you receive. Firmware on ISP-leased equipment is controlled by the ISP, not you.

Arris BGW210-700

Most common AT&T Fiber gateway. Wi-Fi 5 (802.11ac).

Nokia BGW320-500

Current AT&T Fiber gateway (Wi-Fi 6, deployed 2023–2026).

Pace 5268AC

Legacy AT&T gateway, widely deployed in older installations.

ISP Equipment Policy

Firmware Updates

AT&T pushes firmware updates to leased gateways via TR-069 remote management. Customers cannot control update timing.

Bridge / Passthrough Mode

IP Passthrough mode available (also called DMZplus). Configure under Firewall > IP Passthrough in the admin panel at 192.168.1.254.

Default Credentials

Unique credentials printed on the gateway label. Default admin username is "admin".

Key Risk Factors

Older models are end-of-life

NVG589, BGW210, and NVG599 are no longer receiving security updates. Any new vulnerability found will never be patched on these devices.

AT&T controls firmware

Like all ISP gateways, AT&T manages firmware updates and collects network data. You have limited control over the device software.

BGW320 actively maintained

AT&T's current BGW320 gateway receives firmware updates and has a reasonable security posture. Hardware is from Humax (South Korea).

Frequently Asked Questions

Is my AT&T router safe?

It depends on which model. The current BGW320 is actively maintained and rates C - acceptable. Older models like the NVG589 and BGW210 are end-of-life and rate D. Check our router checker for your specific model to see its current security grade.

Is AT&T BGW320 safe?

The BGW320 is AT&T's current gateway, rates C in our analysis, and is actively maintained by AT&T. Hardware is by Humax (South Korea). It is safe from a national security perspective and receives regular firmware updates. It lacks advanced security features but is adequate for most home users.

Should I use my own router with AT&T?

AT&T requires their gateway for fiber authentication (via GPON), but you can set it to IP passthrough mode and connect your own router for all routing and security functions. This gives you better control over firewall settings, VLANs, and firmware.

Is AT&T NVG589 still safe?

The NVG589 is end-of-life and receives no security patches. This is a D-grade router - any new vulnerabilities discovered will never be fixed. If you have an NVG589, contact AT&T about upgrading to a BGW320, or use IP passthrough mode and add your own secure router.

CHECK YOUR SPECIFIC MODEL

Get your router's full security report

Check any specific model for CVEs, FCC status, security capabilities, and your personalized action plan.

Check a Router → Top 10 Safe Routers