NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

3v3ntH0riz0n's avatar
3v3ntH0riz0n
Apprentice
Dec 09, 2016
Solved

NETGEAR Routers and CVE-2016-582384 security vulnerability

I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
backdoor
Firmware
injection
R7000
Security
vunerable
  • mdgm-ntgr's avatar
    mdgm-ntgr
    Dec 12, 2016


    NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384

     

    We now have beta firmware containing fixes for some affected models.

    We're working hard on fixes for the other affected models and will update the security ticket above soon.

     

    **** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****

     

    To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements. 

     

    Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.

     

    NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page.  We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues.  When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.

     

    Security Advisory for VU 582384 knowledgebase article.

    NETGEAR Product Security Advisory page.

     

     

Unfiltered1's avatar
Unfiltered1
Tutor
Dec 14, 2016

Netgear has fessed up to Tom's Hardware:

 

"This vulnerability, which has come to be referred to as VU 582384 was overlooked in our review process. We initially became aware of this vulnerability last Friday, December 9th, when CERT emailed us, and because we had no record of a prior report, began our standard process of validating prior to making any public statements. Once it had been disclosed that the first notification occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process. "

 

http://www.tomshardware.com/news/netgear-responds-security-issue-routers,33199.html

tivoboy's avatar
tivoboy
Guide
Dec 14, 2016

I alwasy love updates that require resetting ALL settings before doing the update.  anyone have any tips for how to capture all the settings that are changed to make it easier to re-populate?

 

I have so many IP assignments, port forwarding, QOS, etc.. PIA for sure

  • michaelkenward's avatar
    michaelkenward
    Guru - Experienced User
    Dec 14, 2016
    tivoboy wrote:

    I alwasy love updates that require resetting ALL settings before doing the update.

     

     

    Neat, isn't it?

     

    Remember, these requirements are often "advisory".The "factory reset" thing depends on the severity of the changes that the firmware has inflicted on your hardware.

     

    You can try other ways of doing it.

     

    Here's my strategy, developed after beta testing various bits of kit:

    • save (backup) settings
    • flash firmware

    If that works and you see no problems, great. If not, and something doesn't work, you may have to reset the device to the default settings:

     

    • save (backup) settings
    • flash firmware
    • set to factory settings
    • retrieve settings from backup

     

    If that works and you see no problems, problem fixed! If not:

     

    • save (backup) settings
    • flash firmware
    • set to factory settings.
    • reconfigure everything

     

    If that fails, then I fear that you may have to flash back to earlier firmware.

     

    In this case, run the vulnerability test to check if the thing is fixed and if you need to go through the factory reset.

     

     

     

     

     

     

     

     

    • ChrisNoonan's avatar
      ChrisNoonan
      Tutor
      Dec 14, 2016

      What a grand opportunity for Netgear right now!

       

      They are responding and appear to be taking a sound and responsible approach .... these things always take longer than the least anxious person expects ...

       

      And the grand opportunity is to ensure the community is well served .... and to ensure the issues don't impact business materially .... time to think about dropping warranty limits and forgetting service revenues to make sure the community is well served and the vulnerabilities are expunged ... even on models and products, such as range extenders, which are not yet proven to be affected ....

       

      What a grand opportunity!

      • mdgm-ntgr's avatar
        mdgm-ntgr
        NETGEAR Employee Retired
        Dec 15, 2016
        ChrisNoonan wrote:

         

        And the grand opportunity is to ensure the community is well served .... 

        We have striven to keep the community up to date on our investigation.

        ChrisNoonan wrote:

         time to think about dropping warranty limits and forgetting service revenues to make sure the community is well served and the vulnerabilities are expunged ... even on models and products, such as range extenders, which are not yet proven to be affected ....

        Hardware warranty applies to hardware, software warranty applies to software issues, but when it comes to security we have a process described on our NETGEAR Product Security Advisory page for reporting what you consider to be a security issue. When emailing us as per those instructions the warranty status of your device is irrelevant.

  • alokeprasad's avatar
    alokeprasad
    Mentor
    Dec 14, 2016

    Save (and restore) settings from the settings-backup file

     

    Take pictures of the important screens (the old-fashioned way of backing up).