NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R7000 & R6400 Vulnerability Note VU#582384
[When I created this post, I wasn't aware of the 2 discussions already on this topic:
- Two leading Netgear routers are vulnerable to a severe security flaw
- R7000 Vulnerability Note VU#582384]
Just saw this news:
An advisory posted on Friday in Carnegie Mellon University's public vulnerability database (CERT) said that Netgear's R7000 and R6400 routers, running current and recent firmware respectively, are vulnerable to an arbitrary command injection flaw.
Details of this vulnerability can be found at Vulnerability Note VU#582384.
The current recommendation is to stop using those routers. Unfortunately it's impossible for many users with only one router at hand. Is Netgear developing a fix and firmware update to combat this issue?
UPDATE:
It's very scary. I just tried the proof of concept on my router. It really worked and started a tenet service on the specified port without requring any authentication. Netgear'd better patch this up ASAP.
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information and update see the thread below.
34 Replies
Replies have been turned off for this discussion
Will the updated firmware wipe out all my settings? The technote says:
"Write down all the settings which you changed from the default values, since you may need to re-enter them manually."
But does it actually wipe them out? And, if so, will backing up the settings w/ my current firmware allow me to successfully restore them after flashing the beta firmware?
I have a pretty large port forwarding and DHCP reservation tables and would need ot set aside considerable time to re-enter everything if I had to.
You should prepare just in case to be able to re-enter your settings manually e.g. if you need to do a factory reset after the upgrade.
I had no problems but then I have a very simple configuration on my R7000.
That's good advice, but I'm really wondering if others have flashed the beta and can confirm that their settings remained intact or, at least, that the new firmware is able to successfully restore settings backed up with the prior firmware.
You guys must have tested this in the lab, yes? Did it work for you?
Hi,
The problem is also described here: https://securityledger.com/2016/12/vulnerability-prompts-warning-stop-using-netgear-wifi-routers/
You can see the IPs of affected routers by using this link: https://www.shodan.io/search?query=r7000
The Security Advisory has been updated with more information and beta firmware for some models.
"...
The Security Advisory has been updated with more information and beta firmware for some models. ..."
Will this firmware shut off the telnet backdoor to the router or should we file another security report for that ?
So far the best workaround of this vulnerability I saw is detailed at http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/. Before you follow the procedure I suggest you to reboot your router first.
I got a response from Netgear this morning at 2:39am. They must be working hard to get it resolved. But, the message isn't saying much.
We appreciate you contacting us. Currently we are working on a fix and will get back to you when it’s available. Thanks.
If you have any questions or comments with regard to this information, please contact us at: security@netgear.com.
Sincerely,
Product Security Incident Response Team
Netgear, IncI got exactly the same email response from the security team. While it is very general it looks like Netgear knows about it and îs working on a fix.
I will stay put and not switch to my Comcast router which has much lower WiFi speed. Just will be very careful not to open any link, alerted my wife to be diligent with suspicious looking emails. Let's hope the Netgear team comes up with something soon.
We (NETGEAR) are aware of the security issue #582384 affecting R6400, R7000, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We're working hard for a fix and will update the security ticket above soon.
- This issue is very real. I personally tested it out on my R7000. I also sent an email to Netgear Security team, but haven't heard from them. If you like, you can send an email to security@netgear.com to push them. Of course, Twitter is another good way.
Thanks kochin, just sent a mesage to the seurity team asking to confirm and let us know what to do untila fix is issued.
You can for now try the solution I posted here.
This issue should be sticky at the top of the forum until resolved.
Why do we NOT hear from Netgear on thsi vulnerablity? Is it REAL or one of the "fashionable fake news" the internet is experiencing latley. If indeed this vulnerability exists Netgear should aknowledge it ASAP and tell us users what to do or not to do and by whne thye will have a fix
Would be nice if Netgear responds and give some feedback when to expect an update. Can't find any official info anywhere.
Maybe I should leave there firmware and install the Kong Mod
