
Re: CSRF/LocalFile/XSS product Vulnerability

dallascowboyswo
Aspirant

CSRF/LocalFile/XSS product Vulnerability

Netgear CM600, I was wondering if the CSRF / LocalFile / XSS product vulnerability has been fixed yet?

I bought one and it has firmware version V1.01.05.

Model: CM600|CM600 High Speed Cable Modem
Message 1 of 6
mediatrek
Virtuoso

Re: CSRF/LocalFile/XSS product Vulnerability

v1.01.05 has that vulnerability. It was first reported by Netgear in late Fall 2015. In December 2015 Netgear started giving fixed firmware to some cable MSOs (Comcast first if I recall). I am on Time Warner Cable (now Spectrum), and that MSO three months ago JUST approved the Netgear patched firmware for the CM600 (on TWC/Spectrum that is v1.01.12). Sadly the policy for my cable MSO is they no longer push firmware updates to consumer-owned modems, even if there are known security vulnerabilities.

Message 2 of 6
dallascowboyswo
Aspirant

Re: CSRF/LocalFile/XSS product Vulnerability

I checked and the current firmware for other ISPs is V1.01.06. I use Suddenlink. I contacted Suddenlink twice and they stated they could not update the firmware. On the 3rd time the Tech said he attempted to update the firmware, but when I rebooted I still had v1.01.05. So they were unable to update my firmware. Should I be concerned? Has the latest firmware been pushed to Suddenlink?

Message 3 of 6
DarrenM
Sr. NETGEAR Moderator

Re: CSRF/LocalFile/XSS product Vulnerability

Message 4 of 6
dallascowboyswo
Aspirant

Re: CSRF/LocalFile/XSS product Vulnerability

DarrenM

Yes, that is the KB I saw and that I was referring to that got me started on the quest to redeem my firmware. Any idea if this has been pushed to Suddenlink, which is my ISP?

Message 5 of 6
dallascowboyswo
Aspirant

Re: CSRF/LocalFile/XSS product Vulnerability

After not being able to resolve this issue via Netgear or my ISP Technical support, I returned the product and bought an Arris Surfboard SB6190.

Message 6 of 6