Netgear Armor found vulnerability in R7900 but I have the latest Firmware

Commit2Quality
Aspirant

I subscribe to Netgear Armor and it ran a scan yesterday and identified a vulnerability with the Netgear R7900 router. The error is "/http protocol accepts unencrypted (plain text) logins.". I thought this had been fixed in the latest firmware but apparently it isn't. I am using firmware Version 1.0.4.26, which seems to be the latest version based on the Netgear support site https://kb.netgear.com/000062098/R7900-Firmware-Version-1-0-4-26 .

I currently run this device as an "Access Point" with only the highest frequency 5 GHz band enabled. 2.4 and the lower 5 GHz are disabled. It is the primary coverage device for the media room. The real router in my setup is a Netgear R7900P doing all the DHCP and interfacing with the modem.

Is there a new firmware coming to resolve this? Does Netgear know about this problem? In the meantime, is there any feature or port I can turn off in the router to reduce the vulnerability that won't affect my network operation?

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 1 of 5
schumaku
Guru

Re: Netgear Armor found vulnerability in R7900 but I have the latest Firmware

Well, your R7900P has this "feature" that the scanner claims to be a vulnerability, too. It is not truly a vulnerability, more a policy question. In most closed home networks, and for many embedded devices, it is still the connection of choice - for many models (like the R7900) the only choice AFAIK.

Look, when extending the scan to true business grade https there would be bunches of issues reported - all way beyond what a home user can achieve without being an IT professional, without owning a private domain, without valid certificates signed to your very own domain, without reverse lookup IP->hostname matching, and much more.

Message 2 of 5
Christian_R
NETGEAR Employee Retired

Re: Netgear Armor found vulnerability in R7900 but I have the latest Firmware

Hi Commit2Quality,

Welcome to the community! If possible, would you mind providing a screenshot for us to check further?

Thanks,

Christian

Message 3 of 5
Commit2Quality
Aspirant

Re: Netgear Armor found vulnerability in R7900 but I have the latest Firmware

Screenshot attached of the error report from Netgear Armor about its vulnerability analysis of the Netgear R7900 on my network.

Topography: Netgear Armor is associated with my Netgear R7900P, which is the DHCP Router for the home. The device that Netgear Armor flagged as vulnerable is an R7900 (no p) that I have in my network operating in access point mode and is plugged directly into the 7900P that Armor is running on.

Anyway, I have been checking firmware versions frequently and there is nothing new since early August.

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 4 of 5
schumaku
Guru

Re: Netgear Armor found vulnerability in R7900 but I have the latest Firmware


@Commit2Quality wrote:

The device that Netgear Armor flagged as vulnerable is an R7900 (no p) that I have in my network operating in access point mode and is plugged directly into the 7900P that Armor is running on.


Most Nighthawk routers use so-called Basic Authentication - over http, for lack of an https implementation on the earlier devices. On the R7900 (and the similar R8000) it is oddly available for the remote access, but not for the LAN access. Nothing wrong with Basic Auth over https even over the Internet - however a reasonable scanner should (and does) report it.

Under the line, nothing that wrong for an admin login on an isolated, private [W]LAN for the remaining lifetime of these products.


@Commit2Quality wrote:

Anyway I have been checking firmware versions frequently and there is nothing new since early August.


Unlikely Netgear will change the design and the implementation of a consumer device introduced in 2014.

Why? Because it's not a vulnerability per se.

Message 5 of 5
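
What the Armor finding in this thread refers to, as an added example that is not part of the original posts: Basic Authentication only base64-encodes the login, so whether it is readable on the wire depends on whether the admin page is served over http or https. The response, address and credentials below are constructed, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample: the kind of 401 challenge an admin page using Basic Auth returns.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b'WWW-Authenticate: Basic realm="Constructed Router"\r\n'
    b"Content-Length: 0\r\n\r\n"
)

def offered_schemes(raw_response: bytes) -> list[str]:
    """Return the auth schemes named in the WWW-Authenticate headers."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    schemes = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes

def assess(url: str, raw_response: bytes) -> str:
    """Classify an admin login the way a scanner would report it."""
    if "basic" not in offered_schemes(raw_response):
        return "no-basic-auth"
    # Basic Auth itself is unchanged; only the transport decides exposure.
    return "basic-over-tls" if urlsplit(url).scheme.lower() == "https" else "cleartext-login"

def basic_header(user: str, password: str) -> str:
    """Build the Authorization header value a browser sends (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_credentials(header_value: str) -> tuple[str, str]:
    """Show that the header is an encoding, not encryption: it decodes directly."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

if __name__ == "__main__":
    hdr = basic_header("admin", "example-pass")  # constructed credentials
    print(assess("http://192.168.1.2/", SAMPLE_RESPONSE))   # constructed LAN address
    print(assess("https://192.168.1.2/", SAMPLE_RESPONSE))
    print(hdr, "->", recover_credentials(hdr))
```
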