3v3ntH0riz0n
Dec 09, 2016 Apprentice
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
- Dec 12, 2016
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
aboxofclay
Jan 07, 2017 Aspirant
netgear wrote:
We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues.
Presumably this is meant to indicate that you receive a lot of spam on these mailboxes. I suggest providing guidelines for how you want humans to format their subject lines when contacting you about vulnerabilities. This may make it easier to differentiate between bots sending you ads for viagra and vulnerability reports.
michaelkenward
Jan 07, 2017 Guru - Experienced User
aboxofclay wrote:
Presumably this is meant to indicate that you receive a lot of spam on these mailboxes.
That's one way of interpreting it, but spam is easily trapped. My guess is that "numerous emails through this channel" is more likely to be loaded down with reports of false positives in AV software, or people who are just paranoid and think that every time their system falls over it is a security failure.
As for providing a format for submitting issues, that's a good way of encouraging the spammers.
It would be better to be more diligent in the first place and for Netgear to pay a bit more attention to what it does receive. I suspect that it does so now that it has seen the folly of ignoring messages.
- aboxofclay Jan 08, 2017 Aspirant
Spammers (as opposed to spear phishers) aren't going to bother customizing their messages for a mailbox their bot has scraped off the web. However, a consistently formatted subject line will make it easier for a human to recognize a potential problem report. Agreed on the need for increased diligence though.
michaelkenward wrote:
aboxofclay wrote:
Presumably this is meant to indicate that you receive a lot of spam on these mailboxes.
That's one way of interpreting it, but spam is easily trapped. My guess is that "numerous emails through this channel" is more likely to be loaded down with reports of false positives in AV software, or people who are just paranoid and think that every time their system falls over it is a security failure.
As for providing a format for submitting issues, that's a good way of encouraging the spammers.
It would be better to be more diligent in the first place and for Netgear to pay a bit more attention to what it does receive. I suspect that it does so now that it has seen the folly of ignoring messages.
- IrvSp Jan 08, 2017 Master
aboxofclay, I am sort of confused over this string of messages you seem to have started within this thread on 1/6?
Was this a returned e-mail to you from Netgear after you reported a problem to them? I can find nothing in the thread like this?
As for SPAM reaching them, it is really a double-edged sword. Depending on SPAM filters some will get through, and conversely some that are not SPAM will be discarded.
Yes, there are ways to defeat this, forms to be filled out (although robots can get around this too) but that means a browser must be used to submit reports. Otherwise 'normal' emails are free form and unless there were specific information within the product documentation in the box that detailed what was required one wouldn't know it (or even forget to look at the documentation before sending off an email). On top of that NG support is only for 90 days. I bet that 'channel' gets a lot of email for h/w OUT OF WARRANTY as well.
So how did you get that 'message' and what did you do about it?
- hggomes Feb 01, 2017 Tutor
Like I previously stated here:
Netgear FW code should definitely be audited; vulnerability news on Netgear almost every day now:
https://www.engadget.com/2017/01/31/more-netgear-wifi-router-vulnerabilities/
http://www.theregister.co.uk/2017/01/31/major_security_hole_in_netgear_routers/
Definitely something to have in mind before getting a Netgear product.
ElaineM: Now you can understand my previous concerns about Netgear vulnerabilities?
Obviously this was something that could be avoided if Netgear could listen more to the people reporting these kinds of issues, instead of keeping things just like they are. I'm really sorry things have reached this point.