NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

AliWay's avatar
AliWay
Aspirant
Jan 04, 2023
Solved

Security Breach-Denial of Services

I have found on Bleeping Computer (https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/) the fact that my router is now under vulnerability for a denial of services and pre-authentication buffer overflow vulnerability. I've gone to the website for the 'latest patch' on the CAX30 and nothing on the firmware changed as for version or updates.

 

Since Netgear will take no responsibility for this compromise, and I as a customer am trying to update the router, where is the patch located?  https://www.netgear.com/support/product/cax30.aspx#download is not it. 1.4.11.2 is what is on there now. This hasn't been the update since 11/2022 this is 1/23 and the news just broke. So Netgear, please advise what a consumer is to do now.

Please advise!

AliWay

  • So how do you know NG won't take responsibility? Kind of presumptuous of you isn't it. Since this article just didn't break today...dated 12/29/22. 


    Add to the fact that the CAX30 is NOT on that list...don't see how this issue is valid nor a Security Breach on the CAX30. 

     

4 Replies

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User

    So how do you know NG won't take responsibility? Kind of presumptuous of you isn't it. Since this article just didn't break today...dated 12/29/22. 


    Add to the fact that the CAX30 is NOT on that list...don't see how this issue is valid nor a Security Breach on the CAX30. 

     

    • AliWay's avatar
      AliWay
      Aspirant

      They (Netgear) said they take no responsibility. I just found out the CAX40 is the one affected. So thanks for drawing that to my attention.

      • FURRYe38's avatar
        FURRYe38
        Guru - Experienced User

        ""NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification." is what that article posted. 

         

        CAX40 is not a valid model. There is only the CAX30 and CAX80.