Kimyou
Initiate

New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

The NETGEAR WNR2200 - N300 Wireless Router is vulnerable to cyberattacks. According to Avast antivirus "Wi-Fi Inspector" the threats have the Catalog Id : CVE-2013-0229 and CVE-2013-0230. At the moment there is no firmware upgrade available for this product on the Netgear support website.

What can I do?

 


 

 

Message 1 of 13
ElaineM
NETGEAR Employee Retired

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

Kindly submit this as an inquiry through NETGEAR customer support at techsupport.security@netgear.com

ElaineM
NETGEAR Community Team
Message 2 of 13
schumaku
Guru

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

Nothing new - the problem exists for years on virtually all Netgear routers, all Netgear Nighthawk, Netgear WLAN access points, probably on Extenders, ... It's in fact nice less techie users recognize such items thanks to much more user friendly (even free) software - and they start to bug the ignorant vendors.

 

Even the latest and greatest top of the line Netgear Nighthawk routers (including the R9000 with its released 1.0.1.36 and the Beta 1.0.2.18) are reported vulnerable as per CVE-2013-0229 (DoS) and CVE-2013-0230 (DoS, arbitrary code execution). And many more by the way.


---

MiniUPnP < 1.4 Multiple Vulnerabilities
Description
According to its banner, the version of MiniUPnP running on the remote host is prior to 1.4. It is, therefore, affected by the following vulnerabilities :

- An out-of-bounds read error exists in the ProcessSSDPRequest() function in file minissdp.c that allows an unauthenticated, remote attacker to cause a denial of service condition via a specially crafted M-SEARCH request. (CVE-2013-0229)

- A stack-based buffer overflow condition exists in the ExecuteSoapAction() function in the SOAPAction handler, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a long quoted method, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-0230)

Output
  Server banner : R9000 UPnP/1.0 miniupnpd/1.0
  Installed version : 1.0
  Fixed version : 1.4

  Port : 1900 / udp / ssdp
  Hosts : 192.168.1.1

----
 
Up to now, the policy seems to be that Netgear resp. the ODM does not update code as long as nobody does provide proof of the exploit.
Message 3 of 13
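
Added example, not part of the original thread: the scanner output quoted above reaches its verdict from the SSDP `SERVER` banner alone ("According to its banner"), and this sketch reproduces that check on constructed responses. Only the first banner comes from the thread; the other two responses, their addresses and `ExampleOS` are made up for illustration. A banner-only result says what version the device advertises, not whether the code behind it has been patched.

```python
import re

FIXED = (1, 4)  # first MiniUPnP version the quoted report lists as fixed

# Constructed SSDP responses; the first SERVER value is the banner quoted in the thread.
SAMPLE_RESPONSES = {
    "192.168.1.1": (
        "HTTP/1.1 200 OK\r\n"
        "CACHE-CONTROL: max-age=120\r\n"
        "ST: upnp:rootdevice\r\n"
        "SERVER: R9000 UPnP/1.0 miniupnpd/1.0\r\n"
        "\r\n"
    ),
    "192.168.1.2": (
        "HTTP/1.1 200 OK\r\n"
        "Server: ExampleOS/1.0 UPnP/1.1 MiniUPnPd/1.9\r\n\r\n"
    ),
    "192.168.1.3": "HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n\r\n",
}

def server_banner(response):
    """Return the SERVER header value (header names are case-insensitive)."""
    for line in response.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def miniupnpd_version(banner):
    """Extract the advertised miniupnpd version as a tuple of ints, or None."""
    m = re.search(r"miniupnpd/(\d+(?:\.\d+)*)", banner or "", re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(response):
    """Banner-only verdict, the same evidence the quoted scanner output relies on."""
    version = miniupnpd_version(server_banner(response))
    if version is None:
        return "no-miniupnpd-banner"
    # Pad short versions so "1" is compared as "1.0".
    padded = version + (0,) * (len(FIXED) - len(version))
    return "banner-below-1.4" if padded < FIXED else "banner-ok"

if __name__ == "__main__":
    for host, resp in SAMPLE_RESPONSES.items():
        print(host, server_banner(resp), classify(resp))
```
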
aeroman1
Aspirant

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

How do I upgrade to MiniUPnP to correct this issue, please, or how else can I correct it, please?

Message 4 of 13
Kimyou
Initiate

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

Here is a part of the message I received from Netgear.

 

"...

Please be informed that our engineers have tried to replicate the issue and according to them this alert is a false positive. NETGEAR has thoroughly tested that model and found that they are not vulnerable to CVE-2013-0229 and CVE-2013-0230. We are working with Avast to remove the false positive alert.

..."

Model: WNR2200|N300 Wireless Router|EOL
Message 5 of 13
schumaku
Guru

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

While it might be a false positive (read the vulnerability can't be abused currently), it's a bad policy not updating the code regardless so there is a version in place which does not identify as 1.0.

 

Plenty of other vulnerability and audit tools which will never allow to suppress a suspect false positive.

Message 6 of 13
larsonreever
Aspirant

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

This is perfectly legit as long as you are using a strong WPA2 AES password and have no malware on your computer. As to the DoS attacks, Netgear routers are renowned for seeing internet traffic as DoS attacks in the logs.

Message 7 of 13
citizen767
Tutor

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

I've read the reply above saying that my router is secure, and I guess I have to accept it.

 

I have Avast installed on the Windows machines on my network, in addition to the iMac I'm using now, and ever since I installed it has told me that my router has been compromised, has flaws, can be broken into easily, and so on. My network uses the Netgear N300 WNR2000v4 with the latest firmware, 1.0.0.66. It's been a good router for me, esp the nice interface.

It never has been broken into, as far as I know, but I still get these false positives. That's a real problem, because if a real problem ever occurs, how will I know? I'll assume it's another false positive by the antivirus program that cried wolf. I don't have the time or desire to research every time Avast rings the bell to make me salivate. I like the program, but it's tempting to ditch it for this reason.

I want to make sure of two things: one, that my router is secure and, two, that I bought a router that can be secure enough.

Google gave me some web sites to help check the security of my router. I also found an article in which someone insists we should use business class routers ($200 and up) rather than the consumer ones sold in big box stores. Would anyone like to comment on this? I don't know what to think, in part because this is the first time I've seen it recommended, and he seems to be the only one making the recommendation. Also, the companies that make consumer class routers, like Netgear and Linksys, make higher security routers for business. But he recommends the Pepwave Surf SOHO. Why them?

http://www.tomsguide.com/us/home-router-security,news-19245.html

"'If a router is sold at [an electronics chain], you don't want to buy it," independent computer consultant Michael Horowitz said in a presentation. "If your router is given to you by your internet service provider [ISP], you don't want to use it either, because they give away millions of them, and that makes them a prime target both for spy agencies and bad guys.'

"Horowitz recommended that security-conscious consumers instead upgrade to commercial routers intended for small businesses, or at least separate their modems and routers into two separate devices. (Many "gateway" units, often supplied by ISPs, act as both.)"

Message 8 of 13
citizen767
Tutor

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

The Avast warnings went away after I did this:

 

Go to www.routerlogin.net

Enter ID and password

Click on Advanced tab

Click on Advanced Setup

Click on UPnP

Uncheck the box "Turn UPnP on"

Message 9 of 13
larsonreever
Aspirant

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

According to the whitepaper detailing research conducted by Rapid7, around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. So, disable the UPnP protocol in any affected devices.

 

Message 10 of 13
ElaineM
NETGEAR Employee Retired

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

Edit: For users who are using WNR2200

 

Update the firmware of your router to fw ver. 1.0.1.102.

 

 

ElaineM
NETGEAR Community Team
Message 11 of 13
citizen767
Tutor

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

Not my router. I did upgrade the firmware last week when I couldn't get connected, but not with the file you mention, which is for WNR2200. I use WNR2000. Good thing I didn't follow your advice.

Message 12 of 13
ElaineM
NETGEAR Employee Retired

Re: New vulnerability discovered affecting Netgear routers WNR2200 - N300 Wireless Router

@citizen767 I apologize about that. It's specifically for users with WNR2200.

Edited the post.

ElaineM
NETGEAR Community Team
Message 13 of 13