NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
CSRF/LocalFile/XSS product Vulnerability
Netgear CM600, I was wondering if the CSRF / LocalFile / XSS product vulnerability has been fixed yet? I bought one and it has firmware version V1. 01.05
v1.01.05 has that vulnerability. It was first reported by Netgear in late Fall 2015. In December 2015 Netgear started giving fixed firmware to some cable MSO's (Comcast first if I recall). I am on Time Warner Cable (now Spectrum), and that MSO three months ago JUST approved the Netgear patched firmware for the CM600 (on TWC/Spectrum that is v1.01.12). Sadly the policy for my cable MSO is they no longer push firmware updates to consumer-owned modems, even if there are known security vulnerabilities.
I checked and the current firmware for other ISPs is V1.01.06 . I use Suddenlink. I contacted Suddenlink twice and they stated they could not update the firmware. On the 3rd time the Tech said he attempted to update the firmware but when I rebooted I still had v1.01.05 So they were unable to update my firmware. Should I be concerned. Has the latest firmware been pushed to Suddenlink?
Here is the KB to the latest firmwares via ISP
DarrenMDarrenM
Yes that is the KB I saw and that I was referring to that got me started on the quest to redeem my firmware. Any idea if this has been pushed to Suddenlink, which is my ISP.
After not being able to resolve this issue via Netgear or my ISP Technical support I returned the product and bought an Arris Surfboard SB6190.
