eierughdf
Jul 09, 2023

CVE issues with SXR80

I had chosen Netgear when buying the SXR80 because it seemed they put out regular firmware updates for the life of the products. Well, this year I've not seen any firmware updates for the Orbi SXR80; been on 4.2.3.102 since it was released. So what is Netgear going to do about CVE issues with their software? I'm very disappointed they are not taking security seriously and addressing these issues.

8 Replies

  • Correction, not CVE issues but these are security issues that should be fixed:

    Missing 'Secure' Cookie Attribute (HTTP)
    Missing 'HttpOnly' Cookie Attribute (HTTP)
    DNS Cache Snooping Vulnerability (UDP) - Active Check
    SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
    SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability

    Also update OpenSSL and certs so that your VPN works with the latest version
    of OpenVPN without having to enable legacy settings.

  • I share your disappointment. There has not been an update for the SXx80 since October 2022.

    I have been looking at potential replacements. The one I'm looking at has this statement as part of its description:

    "[Brand X] guarantees software updates for this product will be provided until Dec 2027."

    (It would be rude, on Netgear's own web site, to tell you which brand.)

  • BruceGuo
    NETGEAR Expert

    Hi Eierughdf,

    We are working on the next SXK80 firmware release, v4.3.2.x, which will include known security bug fixes. We are targeting release by mid-August. We are still maintaining firmware for critical issues and security issues.

    Thanks

    Bruce

    • eierughdf
      Tutor

      Nice to hear that news, but I will say in closing that Netgear's actions with regard to firmware updates will determine if I stay with Netgear or drop Netgear when I eventually have to replace these. FYI, your VPN does not work with Fedora FC38 unless the security policy is set to legacy. Not a good look for Netgear.

      • TSpitzmann
        Guide

        I agree with eierughdf, but in addition I want to emphasise that it would be even more important for Netgear to serve these products with more frequent updates, because these products are the business line and not private-use/family products.

        Given this fact, priorities for these devices need to be higher than what (business) customers currently experience.


    • Chrisduk
      Guide

      When is this firmware out? It's now the end of August and September in a few days.
