Re: Bad Access Rights

nmbr1swimmer · ‎2016-12-09

So my eset smart security has found a vulnerability in my router. it is EDB-31617.A,

I have called eset and netgear and so far no one can figure it out. It is about Bad Access Rights to the router. If anyone can help that would be amazing.

Thanks!

DarrenM · ‎2016-12-12

Hello nmbr1swimmer

Thank you for your concern. NETGEAR values your input and takes the security of our customers and their data very seriously. We regularly monitor our products for security issues and we provide detailed information at www.netgear.com/about/security. In addition, if you have any security concerns, you can reach us at security@netgear.com.

DarrenM

Kbayguy · ‎2016-12-13

I received the same warning from ESET Smart Security 10.0.369.0 regarding my C3700-100NAS. Do you have a public statement and fix for everyone with this problem?

mopar69 · ‎2016-12-27

I have received the same error. I contacted security@netgear.com and I am awaiting a reply.

guitartist · ‎2016-12-28

Based on my research, this appears to be due to not being able to change the default username from admin. I can confirm this is true of my WNDR4000 which has the very latest firmware...and, of course, is at end of life.

Good for Netgear...not for their customers.

So it goes in the game of technology and generating revenue.

mopar69 · ‎2016-12-29

Thanks for the response.

I ran the same tool on a Linksys router that has the username as admin and did not get the error. I trust that Netgear will do the right thing and issue a patch to close the vulunerability.

mopar69 · ‎2017-01-05

Model: R7900 Firmware: V1.0.1.8_10.0.14

Still waiting on a response from Netgear. I have emailed security@netgear.com and I also emailed their "updated" addresss techsupport.security@netgear.com

mopar69 · ‎2017-01-07

Here is a screen shot of the issue identified by Eset Smart Security Network Scan Tool.

GK201 · ‎2017-01-07

I got the same vulnerability message of Bad Access Rights ED8-31617.A

It is a month after you posted your message. Why do I get the feeling that no one at Netgeat is paying any attention?

GK201 · ‎2017-01-07

I got the same vulnerability message of Bad Access Rights ED8-31617.A

It is a month after you posted your message. Why do I get the feeling that no one at Netgeat is paying any attention?

michaelkenward · ‎2017-01-08

@GK201 wrote:
Why do I get the feeling that no one at Netgeat is paying any attention?

DarrenM is a Netgear person. Doubtless he will have passed this on if it is a Netgear issue and a false alarm down to eset smart security.

Sadly, "false positives" are a fact of life in the security world. As this one seems to be exclusive to eset smart security, I would raise it with them if you haven't already.

There have also been one-off, but long standing, issues with Kaspersky. Unfortunately, Kaspersky doesn't seem keen to fix it, perhaps because it isn't security critical. It just messes up people who want to get at their Netgear hardware.

One thing you should do, or course, it to check this security advisory:

Security Advisory for VU 582384, PSV-2016-0245 | Answer | NETGEAR Support

And then see if it applies to you and implement the updates suggested there.

GK201 · ‎2017-01-08

Model R8000, which has all updates installed got an ESET Bad Access warning that was reported by others to NetGear over a month ago.

ESET vulnerability is EDB-31617.A

michaelkenward · ‎2017-01-08

ESET vulnerability is EDB-31617.A

I know. I read the messages before I replied.

Why do you assume that it is a real security issue that is down to Netgear?

As I said, this may be a false positive. Has anyone asked eset about this?

mopar69 · ‎2017-01-28

I haven't found information on what the actual vulnerability is to do my own analysis of it being a false positive or not. I asking ESET via email about it they say that Netgear needs to provide the details.

Hangfire · ‎2017-03-20

I received the same message: Potential vulnerability found EDB-31617.A Not only did I get that message but it appears that ESET has shut down my home network. I have a Dell with Win10 connected to a home built running WinXP. The Win10 computer is the one that is affected and for some reason I'm unable to open the Netgear program to investigate the problem. The WinXP computer opens the Netgear program and the network map shows that the Win10 system is still connected.

I read through all the messages here hoping that a fix would be reveiled but no, the computer I use for reference (I write) is just acting as a large paper weight. My next step is to contact Netgear and ESET. I wrote here just to add to the numbers of Netgear users suffering from this problem.

DarrenM · ‎2017-03-24

Hello Hangfire

Have you updated you modem to the latest Firmware?

DarrenM