Reply
Highlighted
Follower

Security flaw in the WNDR4500

This article: http://gizmodo.com/a-simple-security-flaw-puts-millions-of-wi-fi-routers-i-1705980884 has me worried.

Seems the warning should have come from Netgear but it didn't, and if you're out of warranty, you're *&%$ out of luck for getting even a suggestion from them on how to protect yourself.

The current firmwear doesn't seem to have a security patch of any kind, so I'm not sure that will help.

I have two questions:
1. Does anyone have a suggestion as to how one can close this hole?
2. Is the current firmware for the WNDR4500 stable and bug free?

Message 1 of 6
Highlighted

Re: Security flaw in the WNDR4500

Is there any evidence that anyone has exploited this "hole" or that modems have been brought to their knees? (The article does not say so.) I guess they might now that this "security firm" has gabbed. But I find it hard to get worked up about this sort of thing. Read the sales pitches disguised as research from those security firms and you would never get out of bed each morning.

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 2 of 6
Highlighted
Aspirant

Re: Security flaw in the WNDR4500

If it's USB-related, then I would guess this flaw can only be exploited from the private LAN side of the router. If your router is a typical home user router, then you have nothing to worry. Who's gonna hack you? Your neighbor? The article says this NetUSB driver is still loaded, even if you don't use ReadyShare or connect any USB devices to your router, it's just sitting there, loaded in memory. So, nothing you can do about it either.
Message 3 of 6
Highlighted
NETGEAR Employee Retired

Re: Security flaw in the WNDR4500

Take a look here;

http://kb.netgear.com/app/answers/detail/a_id/28393
____________________________
Working on behalf of Netgear
My name is Andy
Message 4 of 6
Highlighted
Aspirant

Re: Security flaw in the WNDR4500

The people who are most vulnerable to these kind of exploits are the ones who keep their networks wide open, e.g. no password, free wifi. I would guess a hacker would need to be connected and logged in to use this exploit, which means they need your password first. If it's password protected, then I see nothing to worry about.
Message 5 of 6
Highlighted

Re: Security flaw in the WNDR4500

Thanks for the explanation. I think I can sleep safely tonight.

The attack can only be launched from within the LAN network and not remotely from the Internet.


I trust my wife not to mess with my network. (She wouldn't know how to.)

Netgear's list of affected products is much shorter than the scare story that got this going. Which list should we believe?

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 10156 views
  • 0 kudos
  • 4 in conversation
Announcements