NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
johnkob
Dec 09, 2016Guide
R7000 Vulnerability Note VU#582384
It has been reported on various outlets that there is a vulnerability with the R7000 and R6400 routers. Please see https://www.kb.cert.org/vuls/id/582384 . The advisor reads "Exploiting this vulnera...
- Dec 15, 2016
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information see the link below.
BvdRee
Dec 10, 2016Initiate
Would it be possible to use the option to block internet sites
to block the RouterIP addresses that cause the vulnerability?
It might, but I can't make it work. Anybody?
Of course, this would just provide a temporary workaround until NetGear gets their act together.
Another idea to try to push them on Twitter: LET'S ALL SHOUT AT THEM : @NETGEAR
I just sent this tweet:
netgear Please immediately provide fix to R6400 and R7000 vulnerability! http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ Customers: don't buy until this is fixed!
BvdRee
- robwilkensDec 10, 2016Guide
I don't think blocking the routers ip address from the router would help -- The problem is accessing the router from your in-home network,most like at 192.168.1.1 address. They get you to open a web page that has a frame that goes to that address and opens a port (or whatever else it may want to do) and once that port is open it is open to external network.
What _might_ work, is somehow blocking 192.168.1.1 (or whatever your router address is) from all of your potential web browsing applications, so they can't issue commands to the router without you consciously turning that off.
I do not do this myself, and suspect you'd have to be good at working your firewall software on your laptop to block this -- and i suspect it would be an annoyance if you did need the web interface of router (I like to use it to check IP addresses on attached devices).
-Rob
- Coherent_LiteDec 10, 2016Guide
I just posted this on the other thread regarding this exploit: I tested the exploit on my router which is running firmware version V1.0.3.68_1.1.31 . The string resulted in the router requesting the admin password and then failing to the "Unauthorized Access" screen. The command after the semicolon did not appear to be executed. Unfortunately, I could only test on my local network, so I cannot confirm that this a "universal fix", but it may be a work around while NetGear cooks up a fix.
Safe surfing...
- robwilkensDec 10, 2016Guide
Just because you got an error message does not mean the command wasn't executed, you might not see the output of the command in the web browser.. I would check if any ports were openned by, for example, if your command ran telnetd then telnet to that port to see if it was open. I'm not about to do this on my router on purpose. I suspect if i did this, a reboot might close the port again as nothing was done to make telnetd start automatically on boot..
- johnkobDec 10, 2016Guide
The "Twitter Campaign" is a good idea. I would encourage readers of this thread that are affected by this problem to post Tweets to @netgear .
- terrifiedsecguyDec 11, 2016Initiate
BvdRee I like the Twitter idea, but we need a hashtag as well. How about #NetgearBrokenSecurity?
- bas996Dec 11, 2016Tutor
Or #NetgearSevereSecurityFlaw ...
I don't understand why Netgear does not communicate at all. My (other brand) NAS receives updates regularly, even today.
- johnkobDec 11, 2016Guide
Go for it. I haven't heard a word or read anything. Anyone?
- robwilkensDec 11, 2016Guide
Any chance we can get the government (CERT=Sponsored by Homeland Security) to make the company issue a 'safety recall' the way they did for the note 7, or for other dangerously faulty products?