ndpm
Aug 01, 2017 Aspirant
Vulnerabilities on Ready NAS 204
We did a scan of our network and found several vulnerabilities in our NAS 204. I looked online but was not able to find anything. Here is the list: 1: SSL Medium Strength Cipher Suites Supp...
ndpm
Aug 01, 2017 Aspirant
6.7.5
StephenB
Aug 01, 2017 Guru - Experienced User
I'm running 6.8.0-RC1 on mine.
I checked with www.ssllabs.com
I got the expected self-signed cert issues
| Alternative names | - INVALID |
| DNS CAA | No |
| Trusted | No NOT TRUSTED |
It also got a downgrade on forward secrecy - details are
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits FS WEAK
There was one encryption method with a 112 bit key that was also flagged.
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK
These are easily fixed by Netgear - removing one cipher suite, and changing the minimum DH key size.
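An added example, not part of the original post and not NETGEAR code: a small Python audit of report lines in the format quoted above, flagging undersized DH groups, 3DES, and suites without forward secrecy. The sample lines, the `audit` function and the 2048-bit minimum are assumptions made for illustration.

```python
import re

# Constructed sample: report lines in the same format as those quoted in the post,
# plus two constructed lines (ECDHE and DHE 2048) that should pass.
SAMPLE = """\
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits FS WEAK
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 FS
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS
"""

# Suite name, hex id, and (for finite-field DHE only) the DH group size.
LINE = re.compile(
    r"^(?P<suite>TLS_\w+)\s+\((?P<id>0x[0-9a-fA-F]+)\)"
    r"(?:\s+DH\s+(?P<dh>\d+)\s+bits)?"
)

MIN_DH_BITS = 2048  # assumed policy threshold, not a value from the thread


def audit(report, min_dh_bits=MIN_DH_BITS):
    """Return {suite: [findings]} for every suite line that has an issue."""
    findings = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a cipher suite line
        suite, issues = m["suite"], []
        key_exchange = suite.split("_WITH_")[0]
        if m["dh"] and int(m["dh"]) < min_dh_bits:
            issues.append(f"DH group {m['dh']} bits < {min_dh_bits}")
        if "_3DES_" in suite:
            issues.append("3DES: 64-bit block cipher, 112-bit effective key")
        if "DHE" not in key_exchange:  # static RSA key exchange
            issues.append("no forward secrecy")
        if issues:
            findings[suite] = issues
    return findings


if __name__ == "__main__":
    for suite, issues in audit(SAMPLE).items():
        print(f"{suite}: {'; '.join(issues)}")
```
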
- mdgm-ntgr Aug 10, 2017 NETGEAR Employee Retired
Some checkers just check version numbers. We can't update to Apache 2.4 as it would break WebDAV.
We backport what we need for various packages and update to newer package versions where it makes sense to do so.