NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
kochin
Dec 09, 2016Apprentice
R7000 & R6400 Vulnerability Note VU#582384
[When I created this post, I wasn't aware of the 2 discussions already on this topic: Two leading Netgear routers are vulnerable to a severe security flaw R7000 Vulnerability Note VU#582384] ...
- Dec 15, 2016
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information and update see the thread below.
guilhermeofranc
Dec 12, 2016Star
Hi,
The problem is also described here: https://securityledger.com/2016/12/vulnerability-prompts-warning-stop-using-netgear-wifi-routers/
You can see the IPs of affected routers by using this link: https://www.shodan.io/search?query=r7000
- mdgm-ntgrDec 13, 2016NETGEAR Employee Retired
The Security Advisory has been updated with more information and beta firmware for some models.
- kochinDec 13, 2016Apprentice
I downloaded the beta firmware R7000-V1.0.7.6_1.1.99.chk and updated my R7000 router. So far, with the beta firmware, the router seems to be working just like before. I have experienced no problems on my LAN, which includes a WiFi extender.
The security vulnerability appears to be fixed in this beta firmware. All tests of proof of concept reported back with "401 Unauthorized" as it should be.
- microchip8Dec 13, 2016Master
I find it really a terrible job if NG was notified of this issue months ago and did nothing until the person who discovered it went public and then NG had to act. Will make me think twice before I go with NG routers again and make me think thrice before recommending them, especially when ran on stock firmware
- RMinNJDec 14, 2016Luminary
"...
The Security Advisory has been updated with more information and beta firmware for some models. ..."
Will this firmware shut off the telnet backdoor to the router or should we file another security report for that ?
- kochinDec 14, 2016Apprentice
Not sure what telnet backdoor you were talking about. Did you mean the telnetd running at your router after you tested the proof of concept? Simply power your router off and then on, and it will be gone.
RMinNJ wrote:Will this firmware shut off the telnet backdoor to the router or should we file another security report for that ?