31 Replies

  • They fixed the readynasos repository. I think that is all they did. I believe the packages in 6.10.9 are exactly the same. However, the two now-defunct Debian repos are still not fixed.

    The last time ReadyNAS got a security update was December 2022.
    Migrating readynasos to the current Debian is imperative.

    Is there a plan for Netgear to ever address this? I am sure all the current users will be grateful that Netgear does not abandon them.
    • eton
      Luminary

      In previous security releases they wrote ReadyNAS in the title. But there is no post yet for the latest OS6 release. Sloppy. Netgear is such an underachiever these days.

       
    • eton
      Luminary

      tigerten 

       

      Only this file?

       

       

      # cat /etc/apt/sources.list
      deb https://apt.readynas.com/packages/readynasos 6.10.8 updates apps main
      
      deb http://mirrors.kernel.org/debian jessie main
      deb http://security.debian.org/ jessie/updates main

       

       

      • tigerten
        Luminary

        Yes.

        The two Debian sources are dead already.

         

        We are basically limited to the first Netgear source only, which has about 1000 packages in total. 

         

        AnishaA 

         

        Is there a plan to fix this? 
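
An added example, not part of the original posts: a small audit of the `sources.list` quoted above that flags entries using plain HTTP, pointing at an end-of-life suite, or disabling signature checks. The `EOL_SUITES` set and the issue labels are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: suites treated as end-of-life for this check.
EOL_SUITES = {"squeeze", "wheezy", "jessie"}

# The file contents quoted in the post above.
SOURCES_LIST = """\
deb https://apt.readynas.com/packages/readynasos 6.10.8 updates apps main

deb http://mirrors.kernel.org/debian jessie main
deb http://security.debian.org/ jessie/updates main
"""

# One-line style entry: type, optional [options], URI, suite, components.
ENTRY = re.compile(r"^(deb(?:-src)?)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)(.*)$")


def audit_sources(text):
    """Return a list of (line_number, uri, suite, issues) per apt entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = ENTRY.match(line)
        if not match:
            findings.append((lineno, None, None, ["unparsed"]))
            continue
        _kind, options, uri, suite, _components = match.groups()
        issues = []
        if urlparse(uri).scheme != "https":
            # Metadata is still signed, but traffic is visible and modifiable.
            issues.append("http-transport")
        if suite.split("/")[0] in EOL_SUITES:
            # e.g. "jessie/updates": no further security fixes are published.
            issues.append("eol-suite")
        if options and "trusted=yes" in options.replace(" ", ""):
            # trusted=yes tells apt to skip signature verification.
            issues.append("signature-check-disabled")
        findings.append((lineno, uri, suite, issues))
    return findings


if __name__ == "__main__":
    for lineno, uri, suite, issues in audit_sources(SOURCES_LIST):
        print(f"line {lineno}: {uri} [{suite}] -> {', '.join(issues) or 'ok'}")
```
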

    • timbck2
      Tutor

      | "I am sure all the current users will be grateful that Netgear does not abandon them."

       

      Are you sure they haven't abandoned us? The ReadyNAS 6.10.9 update does NOT install automatically (or even appear when you click "Check for Updates" in the ReadyNAS interface). Netgear has yet to make an announcement of any kind about the release, nor provide any useful release notes (I'm sorry, but "addresses security vulnerabilities" without saying which security vulnerabilities are addressed, is NOT a release note; it's an insult.)

       

      And they've broken access to this very Community Support Forum so that if you have a bookmark pointing to it (as well as a lot of the links on Netgear's website), you are taken to a version of the support forums that support ONLY Netgear Wifi and Mesh routers (coincidentally the only home products they produce anymore.) It's as if they not only don't want to support their discontinued products anymore, but they don't want users of their products to help each other with community support. I guess they want us all to dump our outdated Netgear products in a landfill, bury them, and pretend they never existed.

      • eton
        Luminary

        timbck2 It usually takes about 2 weeks from when a new update is published until it is available via the OS6 web admin update.

         

        They didn't manage to announce here in the forum about the previous update either.

  • Netgear is still not pushing this update to clients. In other words you can still not get this update via the web GUI firmware update method.

     

    The time from publishing the update to it being available via web GUI has been exceptionally long.

     

    This is just another piece of circumstantial evidence that Netgear just doesn't care about ReadyNAS anymore.


      • eton wrote:

         

        Have you manually installed it?

        Did you notice any changes?

         


        I installed it some time ago. The only visible changes are that the Netgear Repo remains broken in 6.10.8, but not in 6.10.9.  That's not inherent to the update though, they could (and should) just fix the broken repo.

         


        eton wrote:

         

        And still NO release information: https://kb.netgear.com/000065653/ReadyNAS-OS-Software-Version-6-10-9


        True.  Although it does point to netgear.com/about/security for security info, there is nothing there for 6.10.9 (just one fix that was in 6.10.8).

         

        And if you look inside the zip, you'll find the release notes for 6.10.8.

         

        So no way to know the impact of the vulnerabilities in 6.10.8 that they say they fixed.

  • It took a long while, but now there is at least some information about version 6.10.9.


    https://kb.netgear.com/000065542/Security-Advisory-for-Multiple-Vulnerabilities-on-ReadyNAS-OS-6-PSV-2023-0015-PSV-2023-0016

    Published: 10 November 2023

     

    Associated PSVs:

    PSV-2023-0015
    PSV-2023-0016
    PSV-2023-0017

     

    Where can I find more information? What are the changes in 6.10.9?
    And where can I read the details about PSV-2023-0015, PSV-2023-0016 and PSV-2023-0017?

     

    What does PSV mean? Netgear doesn't explain it. Is it an abbreviation for Product Security Vulnerability?

     

     


    • eton wrote:

       

      What does PSV mean? Netgear doesn't explain it. Is it an abbreviation for Product Security Vulnerability?

       


      Probably, but it could maybe be Platform Security Validation (which is a methodology to assess security).  Looks like Netgear published it, as there are no CVEs reported against ReadyNAS after 2018.

       

      There is a bit more info on these here:

      But in general, if a vendor provides a security update, you should install it.

       


      eton wrote:

      What are the changes in 6.10.9?


      They only mention the security patches here:

      I've been running it for quite a while now, and haven't seen any behavior changes from 6.10.8.

      • GGITech
        Apprentice

        Has anyone else had any issues with apps not installing?

        I had Calendar and Contacts installed with 6.10.4. The device was for testing and redundancy of another 102, and I repurposed it.

        Now with 6.10.8, then 6.10.9 hardly ANY apps will install.

        What I did:

        I did a complete factory reset, OS install, and have a running NAS with new drives.

        As I said, everything is functioning correctly and I can copy files, add users, create shares, et al.

        I have not tried every app, as I got tired of trying and failing. Here is a list of what actually fails to install:

        • ajaxplorer
        • asterisk
        • bbindr6
        • bzeetr6
        • contacts and calendar
        • couch potato
        • ddclientr6
        • dns server
        • drupal
        • glpi
        • idrive
        • joomla
        • koken
        • linux-dash
        • logitech media server

        Sometimes they fail inside the GUI and notify, other times they just seem to crash the GUI and force a new login.

        The only apps that seem to install are 

        • istat, it does reset the admin GUI, and forces relogin
        • kernel plus, GUI resets
        • istat nt, installs correctly, shows dialog, back to GUI

        Any idea what is going on? I have considered rolling back to 6.10.4 but have no idea if this will fix the issue.

        It is quite a hassle to roll back with the horrid build process of the USB and having to manually do everything, so I have not done that, and thought I might ask first. 

        At this point, it might be obvious, with the deprecation of the platform as mentioned by its lack of updates, even official posting of the latest firmware, that I should just continue to use them as a storage point and build another device for the few apps that were flawless to run on them quietly.

         

        Any input is appreciated, if this needs its own thread, let me know and I will start one.

         
