Nighthawk R7000 Recent Vulnerability Disclosure

Question

There was a recent disclosure of a vulnerability affecting firmware 1.0.11.116 and before for the R7000 router. This disclosure was posted here: https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/

Apparently, Netgear responded that 1.0.11.116 isn't the latest version of the software yet according to the support and download pages the latest software version is in fact 1.0.11.116:
https://www.netgear.com/support/product/r7000.aspx#download

When can I expect a fix for this to be released so I can make sure it gets applied to my device?

plemans · Answer

a couple things.&nbsp;1. the firmware that the response team got is the for r7000P. not sure if the miscommunication was on netgears side or the vulnerability team.2. we're not netgears. This is the public support forum where members of the public are trying to help others out. We have no affiliation with netgear. You might message a moderator to see about specific details&nbsp;3. The r7000 has a strong 3rd party firmware crowd. might be worth seeing if one of those might be more suited towards you if you're wanting faster updates/more capabilities.&nbsp;

DarrenM · Answer

Hello Camitt&nbsp;

&nbsp;

You will want to install the hotfix firmware

&nbsp;

https://kb.netgear.com/000063684/R7000-Firmware-Version-1-0-11-123-Hot-Fix

&nbsp;

DarrenM

Forum Discussion

Nighthawk R7000 Recent Vulnerability Disclosure

2 Replies