NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

kochin's avatar
kochin
Apprentice
Dec 09, 2016
Solved

R7000 & R6400 Vulnerability Note VU#582384

[When I created this post, I wasn't aware of the 2 discussions already on this topic: Two leading Netgear routers are vulnerable to a severe security flaw R7000 Vulnerability Note VU#582384]   ...
Firmware
Security
security vulnerability
VU 582384
mdgm-ntgr's avatar
mdgm-ntgr
NETGEAR Employee Retired
Dec 13, 2016

 

The Security Advisory has been updated with more information and beta firmware for some models.

kochin's avatar
kochin
Apprentice
Dec 13, 2016

I downloaded the beta firmware R7000-V1.0.7.6_1.1.99.chk and updated my R7000 router. So far, with the beta firmware, the router seems to be working just like before. I have experienced no problems on my LAN, which includes a WiFi extender.

 

The security vulnerability appears to be fixed in this beta firmware. All tests of proof of concept reported back with "401 Unauthorized" as it should be.

 

  • microchip8's avatar
    microchip8
    Master
    Dec 13, 2016

    I find it really a terrible job if NG was notified of this issue months ago and did nothing until the person who discovered it went public and then NG had to act. Will make me think twice before I go with NG routers again and make me think thrice before recommending them, especially when ran on stock firmware

    • kochin's avatar
      kochin
      Apprentice
      Dec 13, 2016

      Yes, it's very sad that it has to become a bad publicity for Netgear to respond to this security vulnerability after more than 3 months. It really makes customers question Netgear's attitute toward securing their network products.

       

      • germanus's avatar
        germanus
        Tutor
        Dec 13, 2016

        We can only hope that Netgear is learning a lesson here like other high-tech companies did as Intel for example way back when they did not acknowledge their issue with the Pentium processors. But it is VERY disconcerting that with the news full of reports about hacks and privacy intrusions that Netgear has shown such a cavalier attitude on this issue. I have actually started to look for alternatives and might switch routers if Netgear does not release an official fix VERY SOON, read by the end of this week. I am not experienced enough to deal with beta firmware. Fortunately they are not the only "router game in town", and we have options as consumers.  So let's cross our fingers that Netgear gets its act together VERY quickly, I like the products but this lack of security concern is alarming.