alokeprasad
Sep 06, 2019 Mentor
Security Hotfix for X10 R9000?
What security fixes are in https://kb.netgear.com/000061091/R9000-Firmware-Version-1-0-4-36-Hot-Fix ? Any zero day exploits? The router firmware shows no new available updates, probably because th...
- Sep 19, 2019
Did some more searching:
If you Google the CVE codes below, you get
Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-5016)
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-5017)
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.
So, the information is out there, including on Netgear's own security page (thank goodness for that!).
So, how about including this on the firmware download page?!?
==
Associated CVE IDs: CVE-2019-5016; CVE-2019-5017
NETGEAR has released firmware fixes or hotfixes for KCodes NetUSB unauthenticated remote kernel information disclosure and arbitrary memory read security vulnerabilities on the following product models:
- D6000 running firmware versions prior to v1.0.0.78
- D6400 running firmware versions prior to v1.0.0.88
- D7800 running firmware versions prior to v1.0.1.56
- DC112A running firmware versions prior to v1.0.0.44
- EX6200 running firmware versions prior to v1.0.3.90
- EX6200v2 running firmware versions prior to v1.0.1.78
- EX8000 running firmware versions prior to v1.0.1.202
- R6250 running firmware versions prior to v1.0.4.38_BETA
- R6400 running firmware versions prior to v1.0.1.50
- R7300DST running firmware versions prior to v1.0.0.74_BETA
- R7500v2 running firmware versions prior to v1.0.3.41_BETA
- R7800 running firmware versions prior to v1.0.2.63_BETA
- R7900 running firmware versions prior to 1.0.3.14_10.0.40_BETA
- R8000 running firmware versions prior to 1.0.4.38_10.1.59_BETA
- R8900 running firmware versions prior to v1.0.4.36_BETA
- R9000 running firmware versions prior to v1.0.4.36_BETA
- WNDR4300v2 running firmware versions prior to v1.0.0.60_BETA
- WNDR4500v3 running firmware versions prior to v1.0.0.60_BETA
- XR500 running firmware versions prior to v2.3.2.56
- XR700 running firmware versions prior to v1.0.1.18_BETA
==
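A check of an installed firmware version against the advisory list quoted in the post above, as an added example that is not part of the thread or of NETGEAR's advisory. The advisory lines are a subset copied from the list; treating tags such as `_BETA` as irrelevant to ordering is an assumption, and the function names are illustrative.

```python
import re

# Lines copied from the advisory quoted above (subset, to keep the example short).
ADVISORY = """\
- R7800 running firmware versions prior to v1.0.2.63_BETA
- R7900 running firmware versions prior to 1.0.3.14_10.0.40_BETA
- R9000 running firmware versions prior to v1.0.4.36_BETA
- XR500 running firmware versions prior to v2.3.2.56
"""

LINE_RE = re.compile(r"^-\s*(\S+) running firmware versions prior to (\S+)$")


def version_key(text):
    """Turn 'v1.0.4.36_BETA' into ((1, 0, 4, 36),) for comparison.

    Underscore-separated numeric groups are kept as separate tuples, and
    non-numeric tags such as BETA are dropped (assumption: the tag does not
    affect ordering). A missing second group sorts as older.
    """
    groups = []
    for part in text.lstrip("vV").split("_"):
        if re.fullmatch(r"\d+(\.\d+)*", part):
            groups.append(tuple(int(n) for n in part.split(".")))
    if not groups:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(groups)


def parse_advisory(text):
    """Map model name -> first fixed version string."""
    fixed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fixed[m.group(1).upper()] = m.group(2)
    return fixed


def is_affected(model, installed, fixed=None):
    """True if `installed` is older than the fixed version for `model`,
    False if not, None if the model is not in the advisory."""
    fixed = parse_advisory(ADVISORY) if fixed is None else fixed
    target = fixed.get(model.upper())
    if target is None:
        return None
    return version_key(installed) < version_key(target)
```

With the versions discussed in this thread, `is_affected("R9000", "1.0.4.34")` is `True`: a router that reports no available update can still be on a release older than the hot fix.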
SScandy
Sep 06, 2019 Luminary
About a month ago, I started a thread about this:
In that thread, I asked a lot of the same questions that you did. As you can see, Netgear did not provide any information about this "Hot Fix". I have no idea who this hot fix is directed towards, and no idea whether or not to install it.
Also, did you notice that the date on the v1.0.4.34 release is actually later than the date for v1.0.4.36? (It does not seem logical that v1.0.4.36 is older than v1.0.4.34.)
Once again, we are left with no information to make a sensible decision whether or not to install this hot fix.
- Binkerman Sep 18, 2019 Aspirant
I noticed those same things. Hmmm, beta? I'm not a beta kinda girl. Beta....."Hot Fix"?! For a security vulnerability? No thanks. The non-sequential dates are another sign it'll be best for me to put off updating even to v1.0.4.34.
- antinode Sep 18, 2019 Guru

> [...] Beta....."Hot Fix"?! For a security vulnerability? No thanks.
> [...]

For a serious security vulnerability, a "Hot Fix" may be exactly what you want. Waiting for the next normal release leaves you vulnerable longer.

However, given the dearth of useful info in Netgear firmware release notes, the mystery is whether some new "beta" release introduces exciting new bugs along with the solution for the security vulnerability.

> [...] The non-sequential dates are another sign [...]

If you're looking at the dates on some documents, then you may be seeing a sign that someone found a typographical error in a document, and changed that document. If you want to know about the actual firmware files, then fetch the firmware kits, and look at the dates on the files in the zip archives.

- Binkerman Sep 19, 2019 Aspirant
My purpose for being on the site was to download firmware & security updates, because I well-understand security vulnerabilities, their fixes, and hot fixes. Hot fixes are meant to fix a problem in a hurry. Betas, GENERALLY, are for testing & finding bugs. Imo, Beta + Hot Fix implies a hot fix not ready for prime time. I live in a remote area, and can't risk bricking my router. I'll wait for the final release.
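The suggestion earlier in the thread to read the dates on the files inside the firmware zip archives, rather than on the web pages, as an added example that is not part of the thread. The two archives are constructed in memory with made-up file names and timestamps, and the `.img` suffix for the firmware image is an assumption.

```python
import io
import zipfile
from datetime import datetime


def member_dates(zip_bytes):
    """Return {member name: datetime} from the archive's central directory.

    ZIP timestamps are local time with no timezone and 2-second resolution,
    and are set by whoever packed the archive.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: datetime(*i.date_time)
                for i in zf.infolist() if not i.is_dir()}


def image_date(zip_bytes, suffix=".img"):
    """Date of the firmware image itself, ignoring bundled documents."""
    dates = member_dates(zip_bytes)
    images = [d for n, d in dates.items() if n.lower().endswith(suffix)]
    if not images:
        raise ValueError("no firmware image found in archive")
    return max(images)


def build_order(kits):
    """Sort kit labels from oldest to newest firmware image."""
    return sorted(kits, key=lambda label: image_date(kits[label]))


def _constructed_kit(members):
    """Build an in-memory zip; names and dates are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in members:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), b"placeholder")
    return buf.getvalue()


# Constructed sample kits (hypothetical file names and timestamps).
# kit-A carries a document that was edited after kit-B's image was built.
KITS = {
    "kit-A": _constructed_kit([("firmware-A.img", (2019, 6, 3, 10, 15, 0)),
                               ("release-notes-A.html", (2019, 8, 1, 9, 0, 0))]),
    "kit-B": _constructed_kit([("firmware-B.img", (2019, 7, 12, 16, 40, 2))]),
}
```

Here `build_order(KITS)` puts kit-A first even though its release notes carry the latest date, which is the document-versus-firmware distinction made in the reply.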