NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

GTGeek88's avatar
GTGeek88
Guide
Feb 17, 2016
Solved

glibc vulnerability CVE-2015-7547

Is the R7000 vulnerable to the "new" glibc vulnerability indexed as CVE-2015-7547?   For reference: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-d...
Security
  • ElaineM's avatar
    ElaineM
    Mar 01, 2016

    Update:

     

    As of this writing, our engineers confirmed that the following products are not vulnerable.

     

    - DSL Gateways

    - Cable Gateways

    - Extenders

    - Powerline

    - Routers

    - Security firewalls and VPN software

    - Switches

    - 11ac Access Points

     

    We will provide another update as we complete the review of other products.

rockfish's avatar
rockfish
Tutor
Feb 29, 2016

This isn't a difficult question.

The routers are either vulnerable or they aren't.  If they aren't, great.  If they are, when will they be patched?

  • mediatrek's avatar
    mediatrek
    Virtuoso
    Mar 01, 2016

    I agree it is a simple question. The last security hole in their routers that were across numerous models was the Kcode NetUSB module vulnerability. That took Netgear more than 6 months to get patched firmware out for most affected models. Many models they did not patch as they were EOL. Even though, when the vulnerability was known of in April 2015 and some models were still being sold on store shelves (ie- WNDR4300v1, WNDR3700v4), they still did not patch those models.

     

    Long story short-- even ifsomeone from Netgear acknowledges what products are vulnerable, you most likley can not expenct patched firwmare for more than 4 to 8 months down the road.