Re: Security Update from NETGEAR?

DERoss · ‎2017-06-21

This morning (21 June 2017), I received an E-mail message with the Subject: "Important Security Update from NETGEAR: New Firmware Is Available for Your Product". For the following two reasons, I suspect this is a fake.

1. Nowhere in the Netgear Web site can I find any reference to a late June report of a security vulnerability.

2. When I open my router configuration, select Advanced and then check for updates, none are found.

Is this a real message from Netgear? If yes, why cannot I find the update? If not, I have saved the message if Netgear would like to investigate.

thenry · ‎2017-06-21

I received one of these as well. Is it legit?

The sticker on my router says model B90, but the email says model WNR2000v3.

HCE · ‎2017-06-21

I have received the same email but want to know if it is a scam before doing anything

User8472 · ‎2017-06-21

The email was sent from a Netgear IP address, so I'm guessing it's legitimate. However there was no new firmware update or security patch for my PR2000. Seems like a major screwup by Netgear. However there is no method of contacting their support dept and I really doubt their staff even looks at these forums. I doubt we'll ever have an answer. EPIC NETGEAR SUPPORT FAIL.

I'm really interested in the security vulnerability, I don't want to be exposed to attack.

DERoss · ‎2017-06-21

The origiinal message source indicates the message was sent from a server with the IP address 136.147.187.62. A WhoIs query indicates that IP address belongs to either Salesforce.com, Inc. in San Francisco or else ExactTarget, Inc. in Indianapolis. According to Wikipedia, ExactTarget was the original name of Salesforce.com; but neither is connected to Netgear.

The return E-mail address domain was NOT netgear.com but e.netgear.com. A DNS lookup for netgear.com yields the IP addresses 54.200.99.0 and 54.218.118.186, both of which belong to Amazon. A DNS lookup for e.netgear.com, however, yields the IP address 68.232.201.28, which belongs to ExactTarget.

Since the US-CERT (an agency of the United States Department of Homeland Security) has not reported a Netgear security vulnerability for June, this whole mess smells.

DERoss · ‎2017-06-21

I just remembered that I have a toll-free phone number for Netgear's technical support. I called them. The technical support person said he thinks there really is an update and that the message is legitimate. I replied that, when I tried to get an update through my installed Netgear Genie, I got the message that there is no new update available. He said that I should wait 2-3 days.

In the meantime, I finally navigated to Netgear's firmware download page for my router. My current version (updated over a year ago) is still listed as the latest version.

My strong recommendation is that updates should only be obtained through the Netgear Genie (or whatever your local router user interface is called) and definitely NOT through any E-mail message.

MelTinysTaxis · ‎2017-06-21

Thanks DeRoss you certainly know the right checks to make as I too thought the email was 100% genuine BUT I NEVER TRUST these types of emails and always research via official web site or just Google the main notice as I did this time and found this Forum, I have also often complained to HMR&C that they should not send emails with links in which I assume they have been told many times, but looks like they may now be wising up as I received a regular notice the other day without the usual links, about time too.

All the best, Mel Tinys Taxis Ltd Hitchin.

DarrenM · ‎2017-06-23

Hello Everyone

Netgear did send out this email to everyone so it is not a scam.

DarrenM

DERoss · ‎2017-06-23

No new firmware update is available via either the local router user interface (Netgear Genie) or the Netgear Web site.

The original E-mail "alert" correctly indicated that my router is WNR2000v5. However, the download Web page for WNR2000v5 firmware shows that the latest version is 1.0.0.42. I installed that version on 25 Jan 17, five months ago.

Either the "alert" is a fake (possibly an attempt to inject malware), or else Netgear's system is broken (evidenced by a very late warning to install a firmware update that was already installed).

DarrenM · ‎2017-06-23

Hello DERoss

It was a mass email just make sure your device is on the latest firmware.

DarrenM

UKuser · ‎2017-06-24

So have I.

I live in the UK - unable to find any phone number for netgear to check if it is a scam.

Tried several times to make a new post without success - just a message saying try again later - I suspect they are overwhelmed with concerned users and just can't cope.

Get some phone contact netgear or you will lose business.

Customer service = pathetic.

netwrks · ‎2017-06-24

@UKuser wrote:
So have I.
I live in the UK - unable to find any phone number for netgear to check if it is a scam.
Tried several times to make a new post without success - just a message saying try again later - I suspect they are overwhelmed with concerned users and just can't cope.
Get some phone contact netgear or you will lose business.
Customer service = pathetic.

No need to call. Just go here: https://www.netgear.com/support/ - Plug in you router name and check to see if there is a new fw version..

VictoriaSand · ‎2017-07-26

Salesforce is a CRM that a lot of big companies use. I use it in my job to send emails to customers because it keeps track of them, but makes it look like it came from my company's domain. Spectrum the cable provider uses Salesforce, for example. As did the former Time Warner Cable. That Netgear uses it too doesn't surprise me at all and doesn't raise any suspicion.