NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Jetdrive's avatar
Jetdrive
Luminary
Mar 07, 2020

Netgear routers are at risk of getting hacked: What to do

Netgear this week has pushed out a passel of patches for its home networking gear, covering seven modem-router gateways, one range extender and 40-odd routers, including some Nighthawk models and Orb...
liverman's avatar
liverman
Tutor
Mar 07, 2020

Be sure to click on the link for each vulnerability in the Tom's article and read the specifics.

 

For example, for my R7000, only one of the four effects my R7000:

 

Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
https://kb.netgear.com/000061760/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0352
which says:
R7000, running firmware versions prior to 1.0.9.42

 

I am running the latest firmware which is V1.0.9.88_10.2.88. So these alerts do not apply to me and my R7000. Ho hum, big nothing burger for me.

 

But if you have a model and firmware level that is impacted, it is a big deal...but look at the specifics before asking "where is the new firmware".

 

My process with these things is:

  1. Follow each link in the article to find the Netgear KB article describing the vulnerability
  2. Check for my model number and the firmware level that is vulnerable
  3. Look at my current firmware version on my router. If I am patched past that firmware, this does not effect me
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Mar 07, 2020

I agree entirely with this analysis, and did the same thing.  My frustration is with the Netgear "Chicken Little" press release.  "Vulnerable!  Vulnerable!  Must upgrade to the March, 2020 security update."

 

  • theoak's avatar
    theoak
    Luminary
    Mar 07, 2020

    So with regards to the Orbi's it lists:

     

    • RBR20, running firmware versions prior to 2.3.5.26
    • RBS20, running firmware versions prior to 2.3.5.26
    • RBK20, running firmware versions prior to 2.3.5.26
    • RBR40, running firmware versions prior to 2.3.5.30
    • RBS40, running firmware versions prior to 2.3.5.30
    • RBK40, running firmware versions prior to 2.3.5.30
    • RBR50, running firmware versions prior to 2.3.5.30
    • RBS50, running firmware versions prior to 2.3.5.30
    • RBK50, running firmware versions prior to 2.3.5.30

    So it appears then that if you have 2.3.5.30 or higher, like 2.5.1.8 you should be good.

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Mar 07, 2020

      If users are concerned, please contact NG support or a forum moderator.

      Blanca_O 

      Christian_R 

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Mar 08, 2020
      theoak wrote:

      So with regards to the Orbi's it lists:

       

      • RBR20, running firmware versions prior to 2.3.5.26
      • RBS20, running firmware versions prior to 2.3.5.26
      • RBK20, running firmware versions prior to 2.3.5.26
      • RBR40, running firmware versions prior to 2.3.5.30
      • RBS40, running firmware versions prior to 2.3.5.30
      • RBK40, running firmware versions prior to 2.3.5.30
      • RBR50, running firmware versions prior to 2.3.5.30
      • RBS50, running firmware versions prior to 2.3.5.30
      • RBK50, running firmware versions prior to 2.3.5.30

      So it appears then that if you have 2.3.5.30 or higher, like 2.5.1.8 you should be good.

      Yes.  Good.  Scared the crap out of people for no good reason.