This morning (21 June 2017), I received an E-mail message with the Subject: "Important Security Update from NETGEAR: New Firmware Is Available for Your Product". For the following two reasons, I suspect this is a fake. 1. Nowhere in the Netgear Web site can I find any reference to a late June report of a security vulnerability. 2. When I open my router configuration, select Advanced and then check for updates, none are found. Is this a real message from Netgear? If yes, why cannot I find the update? If not, I have saved the message if Netgear would like to investigate.

The origiinal message source indicates the message was sent from a server with the IP address 136.147.187.62. A WhoIs query indicates that IP address belongs to either Salesforce.com, Inc. in San Francisco or else ExactTarget, Inc. in Indianapolis. According to Wikipedia, ExactTarget was the original name of Salesforce.com; but neither is connected to Netgear. The return E-mail address domain was NOT netgear.com but e.netgear.com. A DNS lookup for netgear.com yields the IP addresses 54.200.99.0 and 54.218.118.186, both of which belong to Amazon. A DNS lookup for e.netgear.com, however, yields the IP address 68.232.201.28, which belongs to ExactTarget. Since the US-CERT (an agency of the United States Department of Homeland Security) has not reported a Netgear security vulnerability for June, this whole mess smells.

I just remembered that I have a toll-free phone number for Netgear's technical support. I called them. The technical support person said he thinks there really is an update and that the message is legitimate. I replied that, when I tried to get an update through my installed Netgear Genie, I got the message that there is no new update available. He said that I should wait 2-3 days. In the meantime, I finally navigated to Netgear's firmware download page for my router. My current version (updated over a year ago) is still listed as the latest version. My strong recommendation is that updates should only be obtained through the Netgear Genie (or whatever your local router user interface is called) and definitely NOT through any E-mail message.

I received one of these as well. Is it legit? The sticker on my router says model B90, but the email says model WNR2000v3.

I have received the same email but want to know if it is a scam before doing anything

The email was sent from a Netgear IP address, so I'm guessing it's legitimate. However there was no new firmware update or security patch for my PR2000. Seems like a major screwup by Netgear. However there is no method of contacting their support dept and I really doubt their staff even looks at these forums. I doubt we'll ever have an answer. EPIC NETGEAR SUPPORT FAIL. I'm really interested in the security vulnerability, I don't want to be exposed to attack.

Security Update from NETGEAR? | NETGEAR Communities

12 Replies

thenry
Aspirant
Jun 21, 2017
I received one of these as well. Is it legit?

The sticker on my router says model B90, but the email says model WNR2000v3.
HCE
Aspirant
Jun 21, 2017
I have received the same email but want to know if it is a scam before doing anything
- User8472
  Aspirant
  Jun 21, 2017
  The email was sent from a Netgear IP address, so I'm guessing it's legitimate. However there was no new firmware update or security patch for my PR2000. Seems like a major screwup by Netgear. However there is no method of contacting their support dept and I really doubt their staff even looks at these forums. I doubt we'll ever have an answer. EPIC NETGEAR SUPPORT FAIL.
  
  I'm really interested in the security vulnerability, I don't want to be exposed to attack.
  - DERoss
    Apprentice
    Jun 21, 2017
    The origiinal message source indicates the message was sent from a server with the IP address 136.147.187.62. A WhoIs query indicates that IP address belongs to either Salesforce.com, Inc. in San Francisco or else ExactTarget, Inc. in Indianapolis. According to Wikipedia, ExactTarget was the original name of Salesforce.com; but neither is connected to Netgear.
    
    The return E-mail address domain was NOT netgear.com but e.netgear.com. A DNS lookup for netgear.com yields the IP addresses 54.200.99.0 and 54.218.118.186, both of which belong to Amazon. A DNS lookup for e.netgear.com, however, yields the IP address 68.232.201.28, which belongs to ExactTarget.
    
    Since the US-CERT (an agency of the United States Department of Homeland Security) has not reported a Netgear security vulnerability for June, this whole mess smells.
UKuser
Aspirant
Jun 24, 2017
So have I.
I live in the UK - unable to find any phone number for netgear to check if it is a scam.
Tried several times to make a new post without success - just a message saying try again later - I suspect they are overwhelmed with concerned users and just can't cope.
Get some phone contact netgear or you will lose business.
Customer service = pathetic.
- netwrks
  Master
  Jun 24, 2017
  UKuser wrote:
  So have I.
  I live in the UK - unable to find any phone number for netgear to check if it is a scam.
  Tried several times to make a new post without success - just a message saying try again later - I suspect they are overwhelmed with concerned users and just can't cope.
  Get some phone contact netgear or you will lose business.
  Customer service = pathetic.
  
  No need to call. Just go here: https://www.netgear.com/support/ - Plug in you router name and check to see if there is a new fw version..

Forum Discussion

Security Update from NETGEAR?