NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
WARNING Vulnerability ID: NON-2015-0211 on my Netgear Router WNR2000v3 Please help
I scanned my MacBook with the avast antivirus and the network Scan a vulnerability which I was searching online to fix additional solution yet this is what I found on PCWorld website
At first glance, sending requests to this SOAP (Simple Object Access Protocol) service requires an authenticated session. However, Adkins discovered that sending HTTP requests with a blank form and a “SOAPAction” header is enough to extract sensitive information from a vulnerable device.
The information that can be extracted includes the administrator password; the name and access keys for the wireless networks configured on the device, and details about the device including its model, serial number and firmware version.
Adkins confirmed that Netgear WNDR3700v4, WNDR3700v4, WNR2200 and WNR2500 devices are vulnerable. However, because of the flaw’s location, other devices, including WNDR3800, WNDRMAC, WPN824N and WNDR4700, might also be affected, he said.
This was posted on the 16 February 2015 and today is October 22 2015 and I was just wondering if this was going to be fixed or not because I search everywhere no one has A answer to fix This I need to know please I don't want my information to be on the Hacker world. i like my netgear router but i am afraid to use it now I need to know if I need to change router Brands Thanks
By the way this is the link of 1 of the few posts that talks about this vulnerability
Daniel272829 I would like to inform you that we have released the firmware that fixes SOAP vulnerability.
To upgrade, click here.
Thank you for you for being a loyal NETGEAR customer.
62 Replies
My guess is based on Netgear's response to other security vulnerabilities in their product firmware they have been made aware of is that they will IGNORE the holes and use the excuse that they labeled the product as EOL (End of Life) status. The WNR2000v3 is EOL status.
They recently did this with the ReadyShare (Kcode NetUSB module) vulnerability with a number of models that still were on big box store shelves even as soon as two months ago. (ie- WNDR4300v1 @ Target, Staples, etc). Netgear just wants you go out out and buy a new router that has the security hole patched. It is so sad and why I have stopped placing Netgear on the top of my router brand recommendation list.
NETGEAR is working on a new firmware release for WNR2000v3 to address this potential security breach. This new firmware should be available in the next few weeks. We will let you know as soon as we receive a firm release date and notify you as soon as it becomes available.
In the meantime, to avoid this potential security breach, NETGEAR recommends that you ensure Wi-Fi security is turned on (this is the default setting on NETGEAR routers & gateways) to prevent unauthorized devices from joining your network. NETGEAR also recommends that you ensure remote management is turned off (this is also a default setting on NETGEAR routers & gateways) to prevent unauthorized devices from accessing your network from the WAN.
Thank you for being a loyal NETGEAR customer.
Daniel272829 I would like to inform you that we have released the firmware that fixes SOAP vulnerability.
To upgrade, click here.
Thank you for you for being a loyal NETGEAR customer.
Is this firmware update going to make it to other routers? I have the same vunerabilty with wndr3700v2. Really need a firmware update ASAP.
Thanks for your reply i really appreciate it. but this update did not patch the vulnerability here is the latest status vulnerability check on a mac running IOS El Capitan 10.11.1 (15B42)
Thank you for the screenshot.
Let me forward this to our engineering department and I will get back to you.
I am getting this message from AVAST too, I have DGN 1000v3, Router Firmware Version
V1.0.0.1_0.0.24, windows 10
Hello, I also got this message today from Avast on my WNR1000-V2 router from Comcast.
Hello Makelly
Have you make sure you are on the latest firmware that fixes some vulnerability here is the link to that firmware if you do not currently have it .
http://kb.netgear.com/app/answers/detail/a_id/30024
DarrenM
Will this firmware work on a v1 router? I never got any follow up to the request for contact details (which I provided via PM) and mine remains unresolved. Post #20 or thereabouts contains my firmware version....
Hello! I am a new member of the community that just registered and I too have been experiencing this error when running a network scan on my avast software. Even with the firmware upgrade I completed, I am still receiving the error message that I am attaching to my post. I tried downloading the fix here but I keep getting a message saying that the file is corrupted.
I really appreciate the help because I want to do everything I can to make sure my software is safe from hackers/attacks!
Thank you in advance!
I wanted to double check on the thread to see if there is any answers to our concerns. I posted my reply the other day but so far I haven't received any help from a Mod.
Hello Dark_knight16
I am having this looked into I will let you know once I hear back on the problem.
DarrenM
Avast reported the same problem on my Dell. I had been using Panda but among other fixes I switched to Avast. The Dell is connected to a Mac wirelessly via a Netgear N300 router with firmware v1.0.0.50, which is the last firmware compatible with my Mac OS 10.6. I bought this router about six months ago. I do NOT want to buy another.
Second, I received a phishing email allegedly from ATT on Christmas Eve claiming that they had monitored spam coming from my IP address. I called ATT and they said it was a fake email, that they didn't send that kind of email, and that my account number was listed incorrectly on the email. I made a lot of fixes, scans, changing passwords and so on, but then two days ago the phone line went out. I have two lines and one was out all of yesterday until today. Today it works and I connected. I don't know why. As far as I know the ATT guy hasn't yet come out to fix the phone line, which ATT said had a short in it. I was unable to get a dial tone until about ten minutes ago.
Please let me know as soon as possible whether my router has in fact been hacked, as Avast claims, and whether I will need to buy a new router.
Any firmware updates for the WNR1000V2 to fix this SOAP vulnerability yet?
The WNR1000v2 is an EOL (end of life) product. Netgear 99% of the time does not release new/patched firmware for EOL products even if there are known security holes (vulnerabilities). Basically Netgear wants you do go buy a new router to eliminate the security vulnerability. In other words; do not hold your breath for patched firmware.
I've got the v1 version and have had it confirmed that due to it being 'EOL' there will be no new firmware. Seems a bit cheeky that a vulnerability built in to the device isn't seen as sufficient reason to offer a new firmware version if significant numbers of customers are asking for it.
Since it appears a new device is the only way to address the vulerability I'll be off to buy a product made by someone else, on principle. They'll probably prove just as bad at some point in the future, but I detest the attitude that results in a perfectly functional device ending up in the bin.
I am still experiencing this issue with my router (Model WNR2000v3). I still haven't heard anything about a fix and I am growing frustrated with this. It was fine for a full two weeks before I started to get the same message again and I would like for someone to help me with this. I may just wind up getting a brand new router if I don't get a response about this. This is very frustrating.
How about Russian people with device WNR612v2 and firmware V1.0.0.3_1.0.2RU? Same problems with Avast since december 2015.
:)
RussianPeople Unfortunately, that model has also been EOL for a long time. Therefore, there will be no firmware updates for it.
That sadly, cause my router great!:robotsad:
I ran a check on AVAST and it came back with vulnerability warnings.The resolution said to upgrade my firmware software but I have the latest so that is no help. If one of you know what to do I would appreciate it very much.
Patom I suggest that you report it at https://bugcrowd.com/netgear.
I tried the link and could not find a place to report my problem. I am not loking to report I am looking to fix my problem.
Patom
