3v3ntH0riz0n
Dec 09, 2016 Apprentice
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
- Dec 12, 2016
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384 We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
meetloaf
Dec 09, 2016 Initiate
Count me in. Just bought this in July, and all Netgear can say is "uh, we know you spent $200 in this, but you shouldn't use it anymore"?
I hope this changes soon
netwrks
Dec 09, 2016 Master
For R7000, there are options... Go here and load this firmware. Easy instructions on top page. Problem solved..
- 3v3ntH0riz0n Dec 09, 2016 Apprentice
Sure, I could do something like that, but I would suspect that puts me out of support for this router. Not to mention I am one level behind because I don't want to run my arlo base station, my router manages the cameras. Really wish they would keep that going with newer builds. I am hoping that NetGear can add a comment here, saying they are at least aware and working on a fix. I'd rather know that they are going to do something, before putting a different os on the router. But thanks for that link. Question, did you attempt to load that on your router? Are you running that build now?
- Retired_Member Dec 09, 2016
When you bought the r7000 did it advertise the Arlo option?
Also I used the suggested FW without a problem.
- 3v3ntH0riz0n Dec 09, 2016 Apprentice
No it wasn't. It was a nice surprise with a firmware update, that they removed in the build shortly after. So you flashed out of your netgear OS on your router, using that link provided?
- netwrks Dec 09, 2016 Master
3v3ntH0riz0n wrote: Sure, I could do something like that, but I would suspect that puts me out of support for this router. Not to mention I am one level behind because I don't want to run my arlo base station, my router manages the cameras. Really wish they would keep that going with newer builds. I am hoping that NetGear can add a comment here, saying they are at least aware and working on a fix. I'd rather know that they are going to do something, before putting a different os on the router. But thanks for that link. Question, did you attempt to load that on your router? Are you running that build now?
I have 3 R7000's loaded with I believe 380_6.2.1. Used various versions of Asuswrt-Merlin firmware for a couple of years, with no issues. All 3 R7000's are powered off and up for sale now. I am running Unifi WAP's and a bunch of Ubiquiti devices (router and switches). Grew tired of the home router consumer niche..
- Captiva Dec 11, 2016 Tutor
Very difficult if not impossible for 99% of Netgear customers (Costco, Amazon, Wal-Mart, Target shoppers) to comprehend and implement. Vendor solution is needed.
- 3v3ntH0riz0n Dec 11, 2016 Apprentice
Agree. Especially since there were a lot of discounts on this item since Black Friday and articles telling consumers it's one of the best devices you could buy at the time.