Netgear Nighthawk M1 vulnerability

lenl · ‎2019-09-20

When will Netgear release a solution / fix for the Netgear Nighthawk M1 vulnerability as mentioned in the link below ?

VulDB 140070 · CVE-2019-14527
Netgear Nighthawk M1 prior 12.06.03 Web Interface System Command privilege escalation
https://vuldb.com/?id.140070

Blanca_O · ‎2019-10-02

Hi, All,

This has been brought up already to engineers. No security vulnerability has been found on our test.

Please check reference link:

https://kb.netgear.com/000061155/Security-Advisory-for-Firmware-Encryption-on-MR1100-PSV-2019-0055

Regards,
Blanca
Community Team

View solution in original post

Oxygene · ‎2019-09-20

Upgrading to version 12.06.03 eliminates this vulnerability.

lenl · ‎2019-09-20

But the Nighthawk M1 says there is no new firmware update
Is there a way to manual download new firmware ?

Blanca_O · ‎2019-10-02

Hi, All,

This has been brought up already to engineers. No security vulnerability has been found on our test.

Please check reference link:

https://kb.netgear.com/000061155/Security-Advisory-for-Firmware-Encryption-on-MR1100-PSV-2019-0055

Regards,
Blanca
Community Team

sena71 · ‎2019-10-16

lmaooo are you sure about that? then explain to me how im able to force a telnet session with the internal linux/busybox OS? smh you guys couldn't even be bothered to change the root password from the default "oelinux123"

sena71 · ‎2019-10-16

https://imgur.com/a/Q0RJwNb

So tell me, are you absolutlely 100% sure there is no exploit?

Netgear Nighthawk M1 vulnerability

Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability

Re: Netgear Nighthawk M1 vulnerability