3v3ntH0riz0n
Dec 09, 2016 Apprentice
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
- Dec 11, 2016
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address it in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
RELamb
Dec 18, 2016 Aspirant
Thanks for the replies. I went ahead and closed the browser while the (hanging) update was taking place and everything seems to be okay with the router. The upload to the router must have never happened so I'll give it some time before attempting again (if ever).
GinaGerson
Dec 18, 2016 Star
@RELamb Are you absolutely sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.
And did you unzip the file? Just asking ;)
- michaelkenward Dec 18, 2016 Guru - Experienced User
GinaGerson wrote: RELamb Are you absolutely sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.
And did you unzip the file? Just asking ;)
Heed this advice. It is important.
You should get an error if you have the wrong firmware, but this patch is such a rush job that who knows what is going on?
If your new firmware is not a beta version, you could try telling your modem/router to find and install the update. Instructions are in the manual for whatever box you have.
- katedan19772001 Dec 19, 2016 Aspirant
I have the Netgear R7800 Nighthawk X4S AC2600, and when I try the recommended advice to see if my router might be affected with the bug, I get the number 0 on the screen. Not a blank page or an error. It makes me think mine is affected with this issue. I used the http://[router-address]/cgi-bin/;uname$IFS-a . The router address being my router IP. The only response from a moderator is it's not in affected devices list.
Model # : R7800
Firmware: V1.0.2.12
OS: Windows 10
Browser: Chrome
- mdgm-ntgr Dec 20, 2016 NETGEAR Employee Retired
katedan19772001 wrote:
The only response from a moderator is it's not in affected devices list.
Model # : R7800
You can continue to monitor our security advisory page for this vulnerability to see if there is any change as our review continues.
- BoyceRensberger Dec 20, 2016 Aspirant
It's definitely in Netgear's list of affected devices. That's what Netgear told me in an e-mail. Also see this: http://kb.netgear.com/000036540/R6250-Firmware-Version-1-0-4-6?cid=wmt_netgear_organic
My question was not that. It was whether the update via Genie covered the problem.