alokeprasad (Mentor)
Sep 06, 2019
Security Hotfix for X10 R9000?
What security fixes are in https://kb.netgear.com/000061091/R9000-Firmware-Version-1-0-4-36-Hot-Fix
Any zero day exploits?
The router firmware shows no new available updates, probably because the above is still in beta. I normally avoid beta software.
But if this is an urgent hot-fix, then maybe I should install it ...
Is it worth installing this beta firmware?
Did some more searching:
If you Google the CVE codes below, you get
Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-5016)
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-5017)
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.
So, the information is out there, including on Netgear's own security page (thank goodness for that!).
So, how about including this on the firmware download page?!?
==
Associated CVE IDs: CVE-2019-5016; CVE-2019-5017
NETGEAR has released firmware fixes or hotfixes for KCodes NetUSB unauthenticated remote kernel information disclosure and arbitrary memory read security vulnerabilities on the following product models:
- D6000 running firmware versions prior to v1.0.0.78
- D6400 running firmware versions prior to v1.0.0.88
- D7800 running firmware versions prior to v1.0.1.56
- DC112A running firmware versions prior to v1.0.0.44
- EX6200 running firmware versions prior to v1.0.3.90
- EX6200v2 running firmware versions prior to v1.0.1.78
- EX8000 running firmware versions prior to v1.0.1.202
- R6250 running firmware versions prior to v1.0.4.38_BETA
- R6400 running firmware versions prior to v1.0.1.50
- R7300DST running firmware versions prior to v1.0.0.74_BETA
- R7500v2 running firmware versions prior to v1.0.3.41_BETA
- R7800 running firmware versions prior to v1.0.2.63_BETA
- R7900 running firmware versions prior to 1.0.3.14_10.0.40_BETA
- R8000 running firmware versions prior to 1.0.4.38_10.1.59_BETA
- R8900 running firmware versions prior to v1.0.4.36_BETA
- R9000 running firmware versions prior to v1.0.4.36_BETA
- WNDR4300v2 running firmware versions prior to v1.0.0.60_BETA
- WNDR4500v3 running firmware versions prior to v1.0.0.60_BETA
- XR500 running firmware versions prior to v2.3.2.56
- XR700 running firmware versions prior to v1.0.1.18_BETA
==
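A check of device firmware against the advisory list quoted above, as an added example that is not part of the original post or NETGEAR's own tooling. The fixed versions are copied from that list; the inventory is constructed, and the comparison assumes that the leading "v" and the "_BETA" tag do not affect ordering.

```python
import re

# Fixed-firmware versions copied from the advisory list quoted above.
FIXED = {
    "D6000": "v1.0.0.78", "D6400": "v1.0.0.88", "D7800": "v1.0.1.56",
    "DC112A": "v1.0.0.44", "EX6200": "v1.0.3.90", "EX6200v2": "v1.0.1.78",
    "EX8000": "v1.0.1.202", "R6250": "v1.0.4.38_BETA", "R6400": "v1.0.1.50",
    "R7300DST": "v1.0.0.74_BETA", "R7500v2": "v1.0.3.41_BETA",
    "R7800": "v1.0.2.63_BETA", "R7900": "1.0.3.14_10.0.40_BETA",
    "R8000": "1.0.4.38_10.1.59_BETA", "R8900": "v1.0.4.36_BETA",
    "R9000": "v1.0.4.36_BETA", "WNDR4300v2": "v1.0.0.60_BETA",
    "WNDR4500v3": "v1.0.0.60_BETA", "XR500": "v2.3.2.56",
    "XR700": "v1.0.1.18_BETA",
}

def parse_version(text):
    """Turn 'V1.0.4.36_BETA' or '1.0.3.14_10.0.40' into a tuple of ints.

    Assumption: a leading 'v' and a trailing '_BETA' do not affect ordering,
    and '_' separates further numeric fields.
    """
    core = re.sub(r"(?i)^v|_beta$", "", text.strip())
    fields = re.split(r"[._]", core)
    if not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(f) for f in fields)

def status(model, running):
    """Return 'unlisted', 'vulnerable' or 'fixed' for one device."""
    fixed = FIXED.get(model)
    if fixed is None:
        return "unlisted"  # not in this advisory; says nothing about exposure
    return "vulnerable" if parse_version(running) < parse_version(fixed) else "fixed"

# Constructed inventory: (model, version string as shown by the device).
INVENTORY = [
    ("R9000", "V1.0.4.34"),
    ("R9000", "V1.0.4.36_BETA"),
    ("R7900", "1.0.3.8_10.0.37"),
    ("XR500", "V2.3.2.56"),
    ("R7000", "V1.0.9.88"),
]

def audit(inventory):
    return [(m, v, status(m, v)) for m, v in inventory]

if __name__ == "__main__":
    for model, version, result in audit(INVENTORY):
        print(f"{model:10} {version:22} {result}")
```
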
9 Replies
- myersw (Master)
Typical care to detail that Netgear shows. :smileyhappy: Doc with the firmware says security fixes. A simple what fixes are included in the doc would have been nice since they know, hopefully, what they fixed.
- SScandy (Luminary)
About a month ago, I started a thread about this:
In that thread, I asked a lot of the same questions that you did. As you can see, Netgear did not provide any information about this "Hot Fix". I have no idea who this hot fix is directed towards, and no idea whether or not to install it.
Also, did you notice that the date on the v1.0.4.34 release is actually later than the date for v1.0.4.36 (does not seem logical that v1.0.4.36 is older than v1.0.4.34).
Once again, we are left with no information to make a sensible decision whether or not to install this hot fix.
- Binkerman (Aspirant)
I noticed those same things. Hmmm, beta? I'm not a beta kinda girl. Beta....."Hot Fix"?! For a security vulnerability? No thanks. The non-sequential dates are another sign it'll be best for me to put off updating even to v1.0.4.34.
> [...] Beta....."Hot Fix"?! For a security vulnerability? No thanks.
> [...]
For a serious security vulnerability, a "Hot Fix" may be exactly what you want. Waiting to the next normal release leaves you vulnerable longer.
However, given the dearth of useful info in Netgear firmware release notes, the mystery is whether some new "beta" release introduces exciting new bugs along with the solution for the security vulnerability.
> [...] The non-sequential dates are another sign [...]
If you're looking at the dates on some documents, then you may be seeing a sign that someone found a typographical error in a document, and changed that document. If you want to know about the actual firmware files, then fetch the firmware kits, and look at the dates on the files in the zip archives.