Orbi WiFi 7 RBE973
Reply

CM600 & CM400 Product Security Vulnerability

mediatrek
Virtuoso

CM600 & CM400 Product Security Vulnerability

Before buying the Netgear CM600, I was wondering if the CSRF / LocalFile / XSS product vulnerability has been fixed yet? The support entry on the issue mentions the update should be released by the end of December. The support entry was updated on 02/25/2016 supposedly, but does not mention anything about what product(s) affected (which also includes the modem CM400) have been patched.

With cable modems I know the firmware review process through each provider takes time. What firmware for the CM600 is the version(s) that have been patched of this vulnerability? I have Time Warner Cable and will want to make sure they can push out patched firmware to my unit if I end up purchasing one.

Obviously if this security issue has not been address yet nearly 4 months after the security posting was made, I will not be purchasing the CM600 and also advising the folks I know with the CM400 to replace the unit.

For the CM400 owners- what firmware version(s) should they look for that were the patched version(s)?

I say "version(s)" as I know the version numbers can vary by ISP.

 

 

Model: CM400|DOCSIS 3.0 Cable Modem,CM600|CM600 High Speed Cable Modem
Message 1 of 2

Accepted Solutions
DarrenM
Sr. NETGEAR Moderator

Re: CM600 & CM400 Product Security Vulnerability

Hello mediatrek

 

Yes we have a fix but it will take time to go through certification so I have no ETA on when the firmware will be released with the fix.

 

DarrenM

View solution in original post

Message 2 of 2

All Replies
DarrenM
Sr. NETGEAR Moderator

Re: CM600 & CM400 Product Security Vulnerability

Hello mediatrek

 

Yes we have a fix but it will take time to go through certification so I have no ETA on when the firmware will be released with the fix.

 

DarrenM

Message 2 of 2
Top Contributors
Discussion stats
  • 1 reply
  • 7601 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi 770 Series