NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R9000 Firmware V1.0.2.32 release note details about "security updates"
The release notes to V1.0.2.32 just say "security updates"
I was wanting to know which security issues were updated in this version?
I am very concerned about whether or not this patches the sambacry vulnerability that is in the wild now.
Thanks!
3 Replies
dave4925 wrote:I am very concerned about whether or not this patches the sambacry vulnerability that is in the wild now.
The R9000 V1.0.2.32 does run SAMBA Version 3.0.24 (I'm not kidding - with plenty of other probably less critical vulnerabilities and non-required restrictions in the year 2017...) like many other Netgear Nighthawk and other Netgear routers. As per the CVE-2017-7494 , SAMBA versions before v3.5.0 are said not to be vulnerable. The Netgear implemented SAMBA version is decades old, not just seven years as when this bug was introduced...
Don't worry - there are many more security issues neither patched nor the configurations changed. I strongly advice not to expose the R9000 (or any other Netgear router) for remote management, for ReadySHARE by http, https, or ftp th the Internet.
Do you know what version of SAMBA the R9000 uses in its latest firmware, and if it has been tested against the sambacry exploit?
Also, a verbose security update list would be great.
Thanks!