NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RND2000v1 (ReadyNAS Duo v1) alternate protocol (trying to get rid of SMBv1)
I have 2 2012R2 servers and WIN 7 or WIN 10 PCs only in this network. I want to disable SMBv1 for security purposes. Is there an alternative protocol I can use so my PCs and Servers can access this...
I would not expect an SMB update to OS 4.x or 5.x systems. You can alternatly use NFS (if you are using Windows 10 Pro), FTP, or WebDAV. I have seen articles that say NFS doesn't work right with credentials on Win10 and you have to allow anonymous access, but that may have been fixed since they were written.
Sandshark wrote:
I would not expect an SMB update to OS 4.x or 5.x systems.
Actually mdgm-ntgr says differently here: https://community.netgear.com/t5/Using-your-ReadyNAS/Any-plans-for-Samba-fix-for-CVE-2017-7494/m-p/1290213/highlight/true#M130544
StephenB wrote:
Sandshark wrote:I would not expect an SMB update to OS 4.x or 5.x systems.
Actually mdgm-ntgr says differently here: https://community.netgear.com/t5/Using-your-ReadyNAS/Any-plans-for-Samba-fix-for-CVE-2017-7494/m-p/1290213/highlight/true#M130544
No, he said they are not updating SMB versions "at this time" and would later for OS6. He left hanging whether they would update OS4.x or 5.x. Given that those are based on obsolete versions of Debian, I wouldn't hold my breath to see if they do.
However, the patch being installed may provide an alternate solution to turning off SMB.
Sandshark wrote:
No, he said they are not updating SMB versions "at this time" and would later for OS6. He left hanging whether they would update OS4.x or 5.x. Given that those are based on obsolete versions of Debian, I wouldn't hold my breath to see if they do.
Maybe we are using "update" in two different senses. I wasn't meaining to say that SMB would be upgraded to a newer version on the legacy NAS, just that the fix for the CVE would be backported to them.
That's based on this statement by mdgm: "We've built firmware with the patch for CVE-2017-7494 for legacy models as well. Once they have undergone QA testing, I believe we plan to release those updates as well:"
Hi and Thank you.
I am a little confused: Is there a "Patch" for the exploit in SMBv1? Where would I find one for my RNS2000v1? If not do you have any ETA on one?
If I am understanding correctly, NetGear will not bother to retro a firmware or software upgrade for their older products, even though there are a lot of these, unpatched and dangerous OSes still being used. This borders on criminal. If a car has a defect, regardless of the age of the vehicle, the manufacturer would HAVE to either recall or commit to repair any cars that were still on the road with the defect. They couldn't just ignore the problem. This is an apt analogy as these devices are dangerous to business as they can not only be exploited, but because to use them you have to keep a network protocol that is dangerous on your network for all PCs required to use the device. Are they really suggesting that THIS type of issue, a built-in exploit, is not their responsibility to fix? I appreciate driving the market, but if NetGear values its reputation (same for all the other manufacturers) then they need to do something and soon, I, and all MY customers (I'm in IT) will never purchase another NetGear product again. I will admit if it were an issue of additional functions or capabilities, suggesting to upgrade or replace the hardware to take advantage of new and improved functionality would be OK and understandable, but NOT if the issue is security or core functionality in the design of the product!
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
