NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R7000 & R6400 Vulnerability Note VU#582384
[When I created this post, I wasn't aware of the 2 discussions already on this topic: Two leading Netgear routers are vulnerable to a severe security flaw R7000 Vulnerability Note VU#582384] ...
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information and update see the thread below.
"...
The Security Advisory has been updated with more information and beta firmware for some models. ..."
Will this firmware shut off the telnet backdoor to the router or should we file another security report for that ?
Not sure what telnet backdoor you were talking about. Did you mean the telnetd running at your router after you tested the proof of concept? Simply power your router off and then on, and it will be gone.
RMinNJ wrote:Will this firmware shut off the telnet backdoor to the router or should we file another security report for that ?
Yes, but someone can send the "magic packet" to the router and telnet will be on again. I think the premise of the security lies in
the fact that that packet has to have the correct admin password? Would prefer if this turn on daemons via magic packets feature could be disabled..
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information see the link below.
Thank you for the update. It shows that Netgear has the courage to admit their own mistake. I'll take that as a promising indication that Netgear will learn from this incident.
Once it had been disclosed that the first notification occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part.