NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
timetorebel wrote:So you admit not a solution?
That's pretty obvious when you read the Security Advisory that post links to.
timetorebel wrote:And I am not sure what to think about announcement of the dedicated security email.
That's the best way to make sure a report gets to the security advisory team ASAP.
timetorebel wrote:I hope it isn't a way to deflect those voicing security concerns from the spotlight on these public forums.
That's not the purpose at all. We value free and open discussion on our community.
In one of the other threads a user asked for a thread to be closed, but we've left it open.
The Security Advisory has been updated with more information and beta firmware for some affected models.
I tested my D6400 and it is also vulnerable, your security notice only mentions the R6400 so please dont forget the DSL versions of the same routers too.
zipcard wrote:
I tested my D6400 and it is also vulnerable, your security notice only mentions the R6400 so please dont forget the DSL versions of the same routers too.
Which firmware do you have on the D6400?
Looks like they released beta firmware that fixes just this vulnerability.
What is suggested...flash to beta or wait for a released version.?
I have not run beta firmware before. Have people had good luck with beta?
In general beta firmware can be hit or miss. Sometimes it is just fine, sometimes it introduces new problems. (I've seen that in beta tests of new hardware.)
Firmware rarely, if ever, kills a device so long as you let it complete the process. That's why some people advise against doing regular updates over wifi, which probably won't apply in this case.
Before you flash, you should retrieve and file away a copy of the current firmware. You can then flash back to that if you have problems.
It is often also advisable to reset your hardware to the factory settings after the firmware flash. That isn't always needed. (Perhaps someone can advise if the changes with these updates requires a reset.)
It is up to you to decide to use it. If you are seriously worried about this vulnerability, then do it. If not, hang on until a few other people have tried it.
It's up to you.
You can try the beta if you like or you can wait. In the unlikely event you have issues as a last resort you should be able to put the non-beta firmware back on and do a factory reset.
Beta firmware will have undergone some basic testing but not the full QA cycle.
I just flashed the new beta firmware and I'm obviously still connected to the internet. So far I've not had any issues. R7000 router.
michaelkenward wrote:
zipcard wrote:I tested my D6400 and it is also vulnerable, your security notice only mentions the R6400 so please dont forget the DSL versions of the same routers too.
Which firmware do you have on the D6400?
I have firmware V1.0.0.54_1.0.54 installed.
When I run the test it comes back with a page listing linux os version and other bits of info, if your unaffected it should be blank or give an error so I assumed the D series are also vulnerable.
and it's very public now: http://fortune.com/2016/12/12/netgear-router-models-critical-vulnerability/
Hopefully we see an R7800 FW soon
"" Acew0rm alerted Netgear to the problem on Aug. 25, but never heard back, the researcher told Fortune in a direct message on Twitter. So four months later, Acew0rm took the find public ""
If that doesn't sum up Netgears support (or lack of) with Firmware updates, I don't know what does!
