Forum Discussion

Tutor

Dec 11, 2016

Solved

R7000 Vulnerability - When will new firmware be released to address this?

ZD Net is now recommending that we shut down our R7000 routers until Netgear generates a fix to the exploit code that was recently released. As shutting down a router is not a reasonable option I wo...

Firmware

Security

security vulnerability

VU 582384

ElaineM
Dec 14, 2016
Hi All,

The Security Advisory for VU 582384 has been updated.

Also, for more information see the link below.

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Two-leading-Netgear-routers-are-vulnerable-to-a-severe-security/m-p/1186149/highlight/true#M44242

mPresto

Initiate

Dec 11, 2016

You may not neet to shut down your router. Came across this blog describing a simple temporary fix:

www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

Basically it describes killing the http server process ( using the vulnerability to do so of all things). Rebooting the router will start the http process again.

Hope an update will be available soon. I just bought my R7000 and was rather disapointed to hear this.

TheEther

Guru

Dec 12, 2016

Netgear has acknowledged the vulnerability.

http://kb.netgear.com/000036386/CVE-2016-582384

mdgm-ntgr
NETGEAR Employee Retired
Dec 13, 2016

The Security Advisory has been updated with more information and beta firmware for some models. Thanks for your patience.
- Atrum
  Initiate
  Dec 13, 2016
  
  I use an ARLO compatible version on my R7000, will there be an update to correct this vulnerability?
  
  Is there already a beta version correcting the vunerability with ARLO support on the R7000?
  
  My current firmware is the R7000-V1.0.6.40_1.1.90
  - mdgm-ntgr
    NETGEAR Employee Retired
    Dec 13, 2016
    Arlo support was removed from R7000 firmware a while back now.
    
    You can use an Arlo base station with your cameras. You can even use the new Arlo Pro base station which has a siren.