npchilds
Dec 12, 2016 Aspirant
New vulnerability discovered affecting Netgear routers
I have an N900 WNDR4500v2 Router running the most current version of firmware. Is it vulnerable to the cracks announced last week (approx. Dec. 8-9)? Thanks, NPC
- Dec 12, 2016
It's not listed as one of the known affected systems.
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
There's an easy check to see if you're affected which involves checking what you see when visiting a URL on your router.
parac
Dec 15, 2016 Aspirant
I am using an R6400 I got during a beta test a while ago. Can I update it with this firmware and other production firmware versions in general?
mdgm-ntgr
Dec 15, 2016 NETGEAR Employee Retired
parac wrote:
I am using an R6400 I got during a beta test a while ago. Can I update it with this firmware and other production firmware versions in general?
Yes, I'm running the latest beta firmware for the R7000 on my beta R7000 unit. So you should be able to run the latest beta firmware for the R6400 on your beta R6400 unit.
Note though that beta test units may not work with 3rd party firmware as 3rd party firmware is typically not tested on beta test units. So I would stick with NETGEAR firmware on beta test units.
- Network_Guy_2 Dec 15, 2016 Initiate
Hi, I'm using a Netgear Nighthawk X4S (R7800) with the LATEST V1.0.2.12 firmware, and have been reading about this serious security vulnerability. When I execute the command:
http://[router-address]/cgi-bin/;uname$IFS-a
or
http://[router-address]/cgi-bin/;ls
or
http://[router-address]/cgi-bin/;killall$IFS’httpd’
with my router's IP address properly inserted, the router ALWAYS returns a single "0" character (without the quotes). It is therefore NOT responding to the Linux/UNIX command injection via the web browser URL. Is my router vulnerable? Again, I am using the R7800 with the latest V1.0.2.12 firmware, and it is returning a "0" to ALL the above commands in the browser, instead of executing the command. Some information on the Internet indicates that the R7800 IS vulnerable, but Netgear doesn't indicate it is. However, my opinion is NO, because it gives me a "0" response to all my command injection attempts.
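For anyone who wants to spot requests of the form quoted in the post above in their own logs, here is an added example; it is not part of the thread and not NETGEAR code. It assumes an access log in Common Log Format taken from a proxy or monitoring point in front of the router; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path shape quoted in the post above: /cgi-bin/;<command>
INJECTION = re.compile(r"^/cgi-bin/;(?P<cmd>.+)$")
# Common Log Format: source address, then "METHOD path PROTOCOL" and status.
REQUEST = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.168.1.23 - - [15/Dec/2016:10:02:11 +0000] "GET /cgi-bin/;uname$IFS-a HTTP/1.1" 200 1',
    '192.168.1.23 - - [15/Dec/2016:10:02:40 +0000] "GET /cgi-bin/%3Bls HTTP/1.1" 200 1',
    '192.168.1.40 - - [15/Dec/2016:10:03:02 +0000] "GET /cgi-bin/status.cgi?x=1;y=2 HTTP/1.1" 200 512',
    '192.168.1.40 - - [15/Dec/2016:10:03:05 +0000] "GET /index.htm HTTP/1.1" 200 2048',
]


def injected_command(path):
    """Return the command embedded after '/cgi-bin/;' in a request path, or None."""
    # Drop the query string first so ';' inside parameters is not flagged,
    # then percent-decode so an encoded ';' (%3B) is still recognised.
    decoded = unquote(path.split("?", 1)[0])
    match = INJECTION.match(decoded)
    if match is None:
        return None
    # $IFS / ${IFS} stands in for whitespace in the URLs quoted in the thread.
    return re.sub(r"\$\{?IFS\}?", " ", match.group("cmd")).strip()


def scan(lines):
    """Return (source, status, command) for every log line matching the pattern."""
    hits = []
    for line in lines:
        request = REQUEST.match(line)
        if request is None:
            continue  # not a parseable request line
        command = injected_command(request.group("path"))
        if command is not None:
            hits.append((request.group("src"), int(request.group("status")), command))
    return hits


if __name__ == "__main__":
    for src, status, command in scan(SAMPLE_LOG):
        print(f"{src} status={status} requested command: {command!r}")
```

A hit shows that such a request was sent, not whether the device acted on it.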
- ElaineM Dec 15, 2016 NETGEAR Employee Retired
- Network_Guy_2 Dec 16, 2016 Initiate
ElaineM: I read that security advisory already. It is a little vague, which is why I asked my question. Please note the text:
"NETGEAR has tested the following products and confirmed that they are vulnerable"
My product is NOT in the list, but that COULD mean that NETGEAR hasn't tested it and/or confirmed its vulnerability for this security flaw. What it sounds like you are saying is that:
Netgear HAS tested and CONFIRMED that the Netgear R7800 router with the current firmware I am using is NOT vulnerable. Is that correct? I don't want any ambiguity here.