Re: CSRF/LocalFile/XSS product Vulnerability
CSRF/LocalFile/XSS product Vulnerability
Netgear CM600, I was wondering if the CSRF / LocalFile / XSS product vulnerability has been fixed yet?
I bought one and it has firmware version V1.01.05.
Re: CSRF/LocalFile/XSS product Vulnerability
v1.01.05 has that vulnerability. It was first reported by Netgear in late Fall 2015. In December 2015 Netgear started giving fixed firmware to some cable MSOs (Comcast first, if I recall). I am on Time Warner Cable (now Spectrum), and that MSO three months ago JUST approved the Netgear patched firmware for the CM600 (on TWC/Spectrum that is v1.01.12). Sadly, the policy for my cable MSO is they no longer push firmware updates to consumer-owned modems, even if there are known security vulnerabilities.
Re: CSRF/LocalFile/XSS product Vulnerability
I checked and the current firmware for other ISPs is V1.01.06. I use Suddenlink. I contacted Suddenlink twice and they stated they could not update the firmware. On the 3rd time the tech said he attempted to update the firmware, but when I rebooted I still had v1.01.05. So they were unable to update my firmware. Should I be concerned? Has the latest firmware been pushed to Suddenlink?
Re: CSRF/LocalFile/XSS product Vulnerability
Here is the KB to the latest firmwares via ISP
DarrenM
Re: CSRF/LocalFile/XSS product Vulnerability
DarrenM
Yes, that is the KB I saw and that I was referring to, which got me started on the quest to redeem my firmware. Any idea if this has been pushed to Suddenlink, which is my ISP?
Re: CSRF/LocalFile/XSS product Vulnerability
After not being able to resolve this issue via Netgear or my ISP technical support, I returned the product and bought an Arris Surfboard SB6190.