Security Vulnerability #582384
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (firstname.lastname@example.org), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address it in a timely manner.
This vulnerability, which has come to be referred to as VU 582384, was overlooked in our review process. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, began our standard process of validating prior to making any public statements. Once it had been disclosed that the first notification occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
After NETGEAR had actual knowledge of the security risk on Friday, our engineers began working quickly to address it. NETGEAR has now updated the Knowledge Base article related to the recently discovered Security Vulnerability #582384, which has been reported to affect at least three NETGEAR routers – R7000, R6400 and R8000. This vulnerability puts a network at risk by allowing for unauthenticated web pages to pass the command-line interface, leaving open the potential for arbitrary command execution by remote attack.
Please see the latest Security Advisory from NETGEAR to download a beta firmware fix for the initial three routers plus two others that were reported to be affected and learn more about further updates regarding additional routers we have tested and the recommended course of action.
You can read what has been disclosed publicly by NETGEAR by visiting the link below:
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity. We do take the security of our products and our customers’ networks seriously.
NETGEAR constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at NETGEAR.
NETGEAR is continuing our investigation of the issue and will continue to provide updates to the security advisory article as we make more progress on addressing this issue.
If you would like to be notified of NETGEAR security updates or would like to learn more about the company’s security policy, please visit: NETGEAR Product Security Advisory.