NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ShirinS's avatar
ShirinS
Aspirant
Jun 21, 2017
Solved

Spam email RE R7000 Firmware?

I received 5 emails about firmware vulnerability for the R7000. Is this spam? Email is below. From: "NETGEAR Security" <NETGEARSecurity@e.netgear.com> Date: June 21, 2017 at 9:21:10 AM PDT Subjec...
Firmware
Security
  • LegendXXX's avatar
    LegendXXX
    Jun 29, 2017

    It's working now.  It seems to have been down for a couple of days.

Mr_DJ's avatar
Mr_DJ
Apprentice
Jun 21, 2017

I think what Elaine meant, was that this is a general notification for all registered owners, to tell or remind them to update to latest firmware verison IF THEY HAVE NOT DONE SO ALREADY.......I guess not everybody is necessarily updating the firmware everytime there is an update released!   ;-)

And since Netgear does not log/track every users router firmware version, they choose to release a general reminder notification to all users.

 

Elaine can correct me if I am wrong here!  :-)

bjwierda's avatar
bjwierda
Aspirant
Jun 21, 2017

Same mail, no update available.

 

download site only shows north america update

 

Does this mean the eu routers are save, or are the eu router screwed for the time being.

 

Current Firmware Version V1.0.7.12_1.2.5

 

and the north America update does not show any security fixes either so this is rather confusing

 

I dont expect mail about a "new" firmware version that has been online for over 4 months or so

 

 

 

 

  • William10a's avatar
    William10a
    Master
    Jun 21, 2017

    If they are senting e-mails again possible firmware updates that is a nice thing and the fact people always do not keep track of the version of firmware they are running with the ten thousand things we have to do in our lives, so at lease reminds them to check.

  • ElaineM's avatar
    ElaineM
    NETGEAR Employee Retired
    Jun 21, 2017

    That's correct @Mr_DJ and thank you for that follow up answer. 

     

     

    bjwierda EU customers are safe, just make sure you have the latest firmware installed. Firmware version 1.0.8.34 has an additional feature (router data analytics) and doesn't necessarily mean that they are more secure. Firmware version 1.0.8.34 contains all fixes/enhancement in 1.0.7.12 and with router data analytics feature. 

     

    • J_A_User's avatar
      J_A_User
      Initiate
      Jun 23, 2017

      I too received the very same worded Netgear notice for another Netgear product on that date.  Mine has been updated to latest firmware many months ago.  In researching other user's experience, I came across the following post,

       

      "The origiinal message source indicates the message was sent from a server with the IP
      address 136.147.187.62. A WhoIs query indicates that IP address belongs to either
      Salesforce.com, Inc. in San Francisco or else ExactTarget, Inc. in Indianapolis. According
      to Wikipedia, ExactTarget was the original name of Salesforce.com; but neither is
      connected to Netgear.
      The return E-mail address domain was NOT netgear.com but e.netgear.com. A DNS
      lookup for netgear.com yields the IP addresses 54.200.99.0 and 54.218.118.186, both of
      which belong to Amazon. A DNS lookup for e.netgear.com, however, yields the IP address
      68.232.201.28, which belongs to ExactTarget.
      Since the US-CERT (an agency of the United States Department of Homeland Security)
      has not reported a Netgear security vulnerability for June, this whole mess smells."

       

      Given the range of products that seem to have been reported as needing security updates, does anyone know if Netgear has seen/commented on this matter?

      • thelemonkid's avatar
        thelemonkid
        Luminary
        Jun 23, 2017

        J_A_User

         

        Thank you for your excellent detection work! Indeed I also had my doubts about the origins of the mail that was sent. But an employee of Netgear ElaineM, assured us that it was in fact a Netgear sent (spam) mail. I use the word spam here because after all this is such a piece of unnecessary mail that it defines as such. It does not inform the users, it is not compiled like a 'remember to' or 'be sure to check the download section from time to time' mail. Instead it makes the user believe that it is absolute essential to update now and straight away. While there is no reason to do so right now because a of new infection that will take over all that is digital.

         

        But I don't understand why:

         

        1) The sender is not Netgear but another address

        2) The mail talks about security but has CLICKABLE LINKS ....... (did someone at Netgear ever read about security...???)

         

        It is so weird that the mail is not really netgear that it is striking!

         

        Just recently a scam was discovered where senders would use Cyrillic, Chinese, Thai or other Characters that most western users do not have on their computer. Those characters were then transformed into western letters by the software on the users computer. In a browser like Firefox these look like legitimate addresses. So when you click on them you would end up a a site that looked legitimate but was infact a complete different address written in another language. However in the addressfield you could not see that!

         

        So I never trust mails sent out by a company when it has a clickable link. But apparently at Netgear they don't take your security serious. And from your e-mail I fear that our e-mail addresses are in the hands of some marketing companies, thanks to Netgear.