NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

sena71's avatar
sena71
Tutor
Oct 24, 2019

MR1100

Everytime I SSH into my MR1100 I get a kick out of the banner i have set.

 

Like c'mon it's ridiculous isn't it? 

 

Why does Netgear keep saying there is no problem, let alone do something to fix it? To make things worse, there is no mechanism to meaningfully slow down web password bruteforcing.

 

If I have to explain why arbitrary code execution is so bad to you guys, i guess it really is hopeless.

1 Reply

  • https://i.imgur.com/9fvvu6G.png 

     

    Though I will say, it's clever to block off access to the Qualcomm Diagnostic port by designing your drivers to render the port useless even if it's enabled if a PID of 68E1 showed up and only enumerating the actual ports when 68E2 is presented.

    Still, on one hand I'd say letting an arbitrary code execution exploit ship and then denying one exists isn't very cash money of you but on the other hand, I kinda hate it when companies deny power users the power of the Linux shell of inside of a product they paid "cash money" for for so honestly it's a wash 

    ¯\_(ツ)_/¯