dadonator
Dec 08, 2016 Aspirant
Safe from hackers
I've recently suffered a 110GB hack and am wondering on the best adjustment to my Netgear Genie to prevent this happening again. Thanks.
dadonator
Dec 10, 2016 Aspirant
Thank you very much. I have done those though they probably could be stronger. I was wondering if the Advanced/Advanced Setup/Remote Management also needs to be reset from "everyone" to "only this computer". I have actually tried this using the IP address for my computer taken from the attached devices list under Basic/Attached Devices but it kept saying that it was an "invalid IP address". So I've left it back on "everyone" wondering if this leaves my network vulnerable, it certainly sounds it. Is this the case and is there a way of providing a valid IP address to confine the remote management to just my computer? Or is it not important in the safety of my network? Thanks again.
ElaineM
Dec 12, 2016 NETGEAR Employee Retired
It's recommended that Remote Management should be disabled.
What kind of IP address is that? Can you PM me the IP address?
I'll try to replicate it on my end. By the way, what's the model number of your NETGEAR router?
- timetorebel Dec 13, 2016 Star
ElaineM wrote:
It's recommended that Remote Management should be disabled.
What kind of IP address is that? Can you PM me the IP address?
I'll try to replicate it on my end. By the way, what's the model number of your NETGEAR router?
Is there a plan to remove remote management altogether as a feature since it doesn't seem to be a feature that's working out for you guys except as a suggestion to turn it off to feel safer when the next vulnerability hits? And does disabling remote management protect from bad websites or ads that are crafted to exploit known vulns?
https://www.kb.cert.org/vuls/id/582384
"Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection.
[...]
Impact
By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers."
Granted the router models affected by that exploit are apparently limited and turning remote management off is an excellent idea, but bad stuff could still happen even without the nightmare that is remote management.
So can I say to myself that I will be peachy keen because at least I have remote management shut off?
And what say you to those customers who might benefit from remote management? It's an offered feature, but they dare not enable it. Why? Because doing so might open the portal to hell? Could Netgear perhaps look into making their routers safe enough that remote management or bad websites geared toward known exploits are a thing of the past? Is that too much to ask?
- mdgm-ntgr Dec 13, 2016 NETGEAR Employee Retired
NETGEAR is aware of the security issue #582384 affecting R6400, R7000, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We're working hard for a fix and will update the security ticket above soon.
- timetorebel Dec 13, 2016 Star
mdgm wrote:
NETGEAR is aware of the security issue #582384 affecting R6400, R7000, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We're working hard for a fix and will update the security ticket above soon.
Yeah not sure if you attempted to address MY concerns but thanks for trying I guess?
- dadonator Dec 16, 2016 Aspirant
Hi there ElaineM, thanks for your reply, sorry for the delay. It's actually all good now on a couple of fronts. Firstly the Remote Management is disabled. I just didn't see the "master" switch in the top left hand corner of the window (so it doesn't matter which option I've taken in the main space below). Secondly I had a couple of technicians look over my network with a malware scan and it appears that my hack was just a delayed update of my son's X-boxes (we had no idea that they could be so huge). So thanks again. All good for now.
- ElaineM Dec 16, 2016 NETGEAR Employee Retired
And just a reminder, we regularly update the Security Advisory for VU 582384.
For more information, please see the link below.