NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R8000 New firmware 1.0.3.36_1.1.25
New firmware (3.36) said for security fix. What security fix does this one apply?
It fixes PSV-2016-0245 & PSV-2016-0254.
Yeah, one sentence, "fixed security issue"!
Which security issue?
How serious?
Do I need to upgrade?
Will it brick my router?
Lol Lol Lol..............
The confusion started with two subminor releases for the R8000 within a few days - most likely on the same security issue, probably not propelry fixed before - regardless of the
R8000 Firmware Version 1.0.3.26
R8000 Firmware Version 1.0.3.36
Best guess (yes, I know ...) it's all about CVE-2016-6277, PSV-2016-0245 (formerly designated VU #582384..
Remains the question what PSV-2016-0068 is about ...
I see!
But 1.0.3.26 already been replaced by 1.0.3.32 a while back. It seems to be a stable version.(or at least to me).
Well, as per Security Advisory for CVE-2016-6277, PSV-2016-0245 we _should_ be fine.
But now we have this Security Advisory for Insecure Timestamp Password Vulnerability, PSV-2016-0254 on the table - however, I fail to find any reference to a CVE-2017-5679. And the confusing entry from January 2017 on NETGEAR Product Security Advisory
Netgear at it's best...I am lost at this point. What a me**.
Can some Netgear Mods take care of this, and shed some light please? ElaineM please....
It fixes PSV-2016-0245 & PSV-2016-0254.
ElaineM wrote:It fixes PSV-2016-0245 & PSV-2016-0254.
Thank you ElaineM. Conclude, both the R8000 1.0.3.36 Release Notes as well as the PSV-2016-254 KB entries require an update 8-)
Yes. I already forwarded it to the team.
What's confusing me is that the version number is lower than my existing one. I am currently running 1.0.3.4 which is running stable. The latest version is 1.0.3.36? I though it was a mistake so I was afraid to replace it. This router out preforms any other router I have ever owned so I'm afraid to mess it up with a firmware update, especially if it's an older version. I tried the nighthawk x10 and it was so miserable that I returned it in 48 hours.
No, this version is way higher than 1.0.3.4. It is 4..5..7..8..10..15...21..30..32..33..34..35..36! (Don't know why the version numbers jumped).
Accordingly 1.0.3.32.. fixed a SERIOUS security flaws. So not updating at your own risk!
But I totally understand what you meant.
...and the other MAJOR problem with this latest firmware release is that it completely brakes the Android version of the app...so as I came to find out last night, the mobile app doesn't even manage to LOG-IN to the router anymore...completely dead.
I left the app feedback on Google App page, but I have no idea who (if anyone) actually reads this.
Sooo...for me, it's time to roll-back the firmware upgrade and as you stated in your post: beware!!!