3v3ntH0riz0n
Dec 09, 2016 Apprentice
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
- Dec 11, 2016
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
michaelkenward
Dec 31, 2016 Guru - Experienced User
Kitsap wrote: 2. Using the Download Link below, download and extract the new firmware to a convenient place such as your desktop. The filename after extracting is R7000-V1.0.7.6_1.1.99.chk
True, but remember that not everyone understands what extract means. Why should they?
Perhaps the instructions should have said "extract (unzip)".
These days you wonder why they zip things when they contain only one file. It isn't as if bandwidth is an issue any more.
pjsand
Jan 07, 2017 Aspirant
What's important for all to remember, most of us are not IT literate and take instructions literally. I am 60+ and most in my peer group would look for a younger friend to assist with tasks like this. Once I was told through a great response to unzip the file I could easily complete the update. It took me 3 to 4 times longer just to find this valuable site for asking & sharing ideas. Initial instructions need to factor in their audience and 90%+ of the purchasers of this type of hardware are not IT literate. My thanks to you all for your assistance in resolving my issue....pjsand
- michaelkenward Jan 07, 2017 Guru - Experienced User
pjsand wrote: I am 60+ and most in my peer group would look for a younger friend to assist with tasks like this.
In this case, some of the people who have been throwing around their advice, well, at least one of them, is 70+. (I can even help people with putting a ribbon in a typewriter.) But it sure is important to communicate using language that everyone can understand.
In the case of this firmware update, telling people how to deal with zipped files really only applied when users wanted to use the beta versions. Applying the final release didn't need that.
At least these days you don't need software to unzip files. The operating system does that.