Firmware update for MR1100? (Security)

BarryOgus · ‎2019-11-24

There have been reported serious security issues with the Nighthawk M1 Mobile Router, and security updates have been issued to fix those. However, going through my router's menus, it says no update is available, and looking at https://www.netgear.com/support/product/MR1100telstra.aspx#download , it appears that perhaps no update has been issued for the Telstra branded Australian version of this router.

Is this correct?

Is there somewhere else i should be looking for the upgraded firmware?

Is an update expected any time soon?

Can I safely apply the firmware from another variant of the router?

My current firmware is NTG9X50C_12.06.02.00. The Problems are reportedly fixed in firmware version 12.06.03.

[ I can see that this problem has been raised before at https://community.netgear.com/t5/Mobile-Routers-Hotspots-Modems/Netgear-Nighthawk-M1-vulnerability/m... . Unfortunately the supposed answer to that question addressed a different security issue (i.e. Firmware Encryption) to the one that was asked about (i.e. Web Interface System Command privilege escalation).]

sena71 · ‎2019-11-26

Lol don't bother. I've posted here before with screenshots of myself having root access to the router but they don't bother to reply. Probably because they figured it's easier to just ignore.

As a side note, if anyone wants decrypted .spk images of the firmware files let me know. I can decrypt any of them as long as i have the file. I've also got my hands on the AT&T firmware image file which isn't publicly posted in case anyone is having issues updating to the latest one.

The decrypted image files can't be flashed using FDT; you have to reencrypt the body and the headers using the appropriate keys in order for the device in Qualcomm EDL 9008 mode to recognize and flash it.

Firmware update for MR1100? (Security)

Firmware update for MR1100? (Security)

Re: Firmware update for MR1100? (Security)