RJR805
Follower
Apr 26, 2026

MS510TXM Firmware authenticity validation

Netgear does not digitally sign firmware updates nor are any hash values (such as SHA-256) provided for the firmware.  This seems very irresponsible and highly unprofessional.  It makes it essentially impossible for a customer to validate the authenticity of the firmware.

 

Why doesn't Netgear provide these basic protections for their customers?

1 Reply

  • schumaku
    Guru - Experienced User

    Let's change the sorting...

     

    RJR805 wrote:

    nor are any hash values (such as SHA-256) provided for the firmware

     

    Indeed, this would be something simple Netgear could do. As part of the firmware upload, the release notes are added - in a third step, SHA1, SHA-256 and for the sake of it also MD5 checksums might be added in an additional section.

     

    Reality check? How many admins or operators are effectively comparing the downloaded firmware image with the checksums? They often don't even consult the release notes - this reflects often in posts on the community.

     

    The only effective method would be making the digital signature an integrated part of the image - not requiring an operator intervention, therefore...

     

    RJR805 wrote:

    Netgear does not digitally sign firmware updates

     

    ..it's not so simple and straightforward as it appears on a green field.

     

    In an ideal world of Digitally Signed Software and Images:

    • Confirming the publisher's identity
    • Ensure that the software has not been altered or corrupted since it was signed.
    • Prevent malicious modifications, unauthorized updates, and protect against counterfeit firmware.
    • Typically involves using a private key to create a signature that is verified by the device or system upon installation or execution.
    • Whatever is launching the switch image - typically the bootloader

    I can already hear the whining that people don't want either their core switches, or any other switch, to ever be able to talk to the outside world - so the ideal standardized X.509 way might be quickly out of scope:

     

    1. The bootloader must be enabled to start the switch from the signed image.
    2. The signature, and ideally the complete image should be retained on the switch - this would allow the validation and revalidation at any time
    3. The boot loader does have to check the digital signature
    4. Ideally, the boot loader does check the image signature at boot time, and notifies the admin on the console, by SNMP, by syslog, ...
    5. The boot loader should allow starting an image with a signature, that can't be validated.

    Needless to say, even the boot loader requires a bottom-up redesign - otherwise a chicken-and-egg problem is waiting around the door.

     

    For a correct handling, there is a longer chain requiring bottom-up design changes.  Without, even a properly signed image won't help much.

     

    Needless to say, e.g. Cisco does drive many of these almost to perfection - at massively higher cost per unit, and running cost per year -> 

    https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-trustworthy-technologies-nexus-9000.html 

     

    Just my 2 cents...

    -Kurt.

     

    PS. Starting at the effective grounds, you might have realized your post was moved by a moderator from the Managed Switches section to the Easy Smart, Plus, and Smart Switches section.
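
The boot-time signature check discussed in the reply above, sketched as an added example that is not part of the original thread and is not NETGEAR or Cisco code. The image layout (payload followed by a 64-byte Ed25519 signature), the function names and the `allowUnverified` policy flag are assumptions made for illustration; the key pair and payload are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Assumed layout (hypothetical): firmware payload, then a 64-byte Ed25519 signature.
var ErrTooShort = errors.New("image shorter than signature trailer")
var ErrBadSignature = errors.New("signature does not match payload")

// SignImage is the vendor build step: the signature travels inside the image.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	sig := ed25519.Sign(priv, payload)
	return append(append([]byte{}, payload...), sig...)
}

// VerifyImage checks the trailer against the vendor public key; it can be re-run
// at any time because the signature is retained with the stored image.
func VerifyImage(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) < ed25519.SignatureSize {
		return nil, ErrTooShort
	}
	split := len(image) - ed25519.SignatureSize
	if !ed25519.Verify(pub, image[:split], image[split:]) {
		return nil, ErrBadSignature
	}
	return image[:split], nil
}

// BootDecision verifies at boot and always returns a message for console/syslog;
// allowUnverified is the policy switch for images that fail validation.
func BootDecision(pub ed25519.PublicKey, image []byte, allowUnverified bool) (bool, string) {
	if _, err := VerifyImage(pub, image); err != nil {
		msg := "firmware signature NOT valid: " + err.Error()
		if allowUnverified {
			return true, msg + " (booting anyway per policy)"
		}
		return false, msg + " (boot refused)"
	}
	return true, "firmware signature valid"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	image := SignImage(priv, []byte("constructed firmware payload"))
	fmt.Println(BootDecision(pub, image, false))
	image[0] ^= 0xff // simulate a modified image
	fmt.Println(BootDecision(pub, image, false))
}
```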

     

     

     

     
