Orbi WiFi 7 RBE973
Reply

D6000 Vulnerability 582384

jjscruff
Aspirant

D6000 Vulnerability 582384

Got a couple alerts from my ISP that i have a vulerability on my network.
Came in the same time i started using a D6000 netgear router.
I saw this page showing the vulnerability that has been addressed by Netgear, but my router wasn't listed
https://kb.netgear.com/000036386/CVE-2016-582384

I checked and my firmware is up to date.
Is the D6000 no longer safe to use?

Thanks

Model: D6000|AC750 WiFi Modem Router - 802.11ac Dual Band Gigabit
Message 1 of 4
jjscruff
Aspirant

Re: D6000 Vulnerability 582384

Couldn't find  a point of contact for netgear.
Do they ever read these forums?

Message 2 of 4
jjscruff
Aspirant

Re: D6000 Vulnerability 582384

guess i'll just get hacked then cheers guys

Message 3 of 4
antinode
Guru

Re: D6000 Vulnerability 582384

> Model: D6000|AC750 WiFi Modem Router - 802.11ac Dual Band Gigabit

 

   Firmware version?  Connected to what?  (DSL?  Other?)

 

> Got a couple alerts from my ISP that i have a vulerability on my
> network.

 

   How would they know?  Do you have Remote Management enabled?  If not,
then I'd expect that a problem like "allows unauthenticated web pages to
pass form input directly to the command-line interface" could be
exploited only by a device/user on your LAN.  That would still be
undesirable, but perhaps less so than if it could be exploited by anyone
in the solar system.


> Couldn't find  a point of contact for netgear.

 

   Look again, more closely, at the "Security Advisory" KB article to
which you provided a link above?  I see a Web page and an e-mail address.


> Do they ever read these forums?

 

   "ever" is a long time.  There seems to be one poor fellow whose job
is to respond to threads which have gone unanswered for a few months.

 

   Do you ever read the stuff which you post?

 


> guess i'll just get hacked then [...]

 

   Perhaps.

 

 

   In case anyone ever does look here...


   What's wrong with this picture?:

 

      NETGEAR has completed testing on the latest firmware versions of
      its entire currently shipping WiFi router portfolio [...]

 

Hint: How would I know if my device is not on that vulnerable list
because it's not affected, or because it wasn't in that "portfolio"?


   Or:

 

      NETGEAR has tested and confirmed that the D7000 is not affected by
      this command injection vulnerability.

 

Would that be the D7000[v1], or the D7000v2, or both, would you guess?

Message 4 of 4
Discussion stats
  • 3 replies
  • 1346 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi 770 Series