Is R6900 router affected by new (12/12) vulnerability?

fuelscience
Aspirant

Is the R6900 (Costco variant of the R7000--slightly different) affected by the newfound vulnerability? If so, will the R7000 firmware upgrade work to protect it?

 

Thanks,

FuelScience

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 1 of 8

All Replies
mdgm-ntgr
NETGEAR Employee Retired

Re: Is R6900 router affected by new (12/12) vulnerability?

The R6900 uses its own firmware. Don't try installing firmware for a different model.

 

The R6900 is not on the list of known affected models.

 

We mentioned in the Security Advisory "NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well."

Message 2 of 8
fuelscience
Aspirant

Re: Is R6900 router affected by new (12/12) vulnerability?

Thanks. The second link gave an error message, but the first returned the following:

 

Linux R6900 2.6.36.4brcmarm+ #17 SMP PREEMPT Sat Jun 27 18:29:04 CST 2015 armv7l unknown

 

I'm assuming that means that my R6900 is indeed affected.

 

FuelScience

Message 3 of 8
mdgm-ntgr
NETGEAR Employee Retired

Re: Is R6900 router affected by new (12/12) vulnerability?

Yes. I can see we have already updated the Security Advisory to reflect this. We don't have a beta firmware ready yet but we will update the Security Advisory when we do.

Message 4 of 8
gafelli
Initiate

Re: Is R6900 router affected by new (12/12) vulnerability?

I saw this vulnerability on the news. I wasn't sure I was affected until I ran this:

http://192.168.1.1/cgi-bin/;reboot

 

And sure enough, my router rebooted! This is an amazingly easy exploit.

 

I found the beta code on the website to fix the problem, but it looks like it is a little risky, based on the description. So I called NetGear support and explained the problem. They asked me for my serial number. It turns out that I'm about 1 month past the free warranty period, so the tech refused to even talk with me about the problem unless I paid for support.

 

Unbelievable. Well, I will just install the beta code and hope for the best. I work from home full time, so if it does not work, I will be scrambling for a replacement router.

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 5 of 8
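
A defensive check for the request pattern described in message 5, added here as an example and not part of the original thread or any NETGEAR tooling: it scans HTTP access logs for `/cgi-bin/` requests whose decoded path contains `;`. The Common Log Format input, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not taken from the thread).
SAMPLE_LOG = """\
192.168.1.23 - - [01/Jan/2024:09:14:02 +0000] "GET /cgi-bin/;reboot HTTP/1.1" 200 0
192.168.1.23 - - [01/Jan/2024:09:15:40 +0000] "GET /start.htm HTTP/1.1" 200 5120
192.168.1.40 - - [01/Jan/2024:09:20:11 +0000] "GET /cgi-bin/%3Breboot HTTP/1.1" 200 0
192.168.1.40 - - [01/Jan/2024:09:21:55 +0000] "GET /cgi-bin/%253Breboot HTTP/1.1" 404 0
192.168.1.23 - - [01/Jan/2024:09:30:00 +0000] "GET /img/a.png;v=2 HTTP/1.1" 200 900
"""

# source address, method and request target from one Common Log Format line
REQUEST = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %3B and %253B both surface as ';'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cgi_requests(log_text):
    """Return (source, raw_target, text_after_semicolon) for every request
    whose decoded path is under /cgi-bin/ and contains a ';'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = decode_fully(m["target"]).split("?", 1)[0]
        if not path.startswith("/cgi-bin/"):
            continue  # a ';' elsewhere (e.g. /img/a.png;v=2) is not this pattern
        _, sep, tail = path[len("/cgi-bin/"):].partition(";")
        if sep:
            hits.append((m["src"], m["target"], tail))
    return hits


if __name__ == "__main__":
    for src, target, tail in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"{src} requested {target!r} (text after ';': {tail!r})")
```
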
gafelli
Initiate

Re: Is R6900 router affected by new (12/12) vulnerability?

Follow up:

 

I installed the beta firmware for my Nighthawk R6900 and it appears to have fixed the cgi-bin vulnerability, and the router appears to be working with no loss of configuration after the reboot.

 

So far, a happy ending...

Model: R6900|Nighthawk AC1900 Smart WiFi Router,R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 6 of 8
fuelscience
Aspirant

Re: Is R6900 router affected by new (12/12) vulnerability?

I installed the new firmware as well this morning, and all appears to be working well. 

 

FuelScience

Message 7 of 8
ElaineM
NETGEAR Employee Retired

Re: Is R6900 router affected by new (12/12) vulnerability?

Thank you for the confirmation that the firmware fixed it.


Should you have any more concerns or want an update regarding this issue, please see the thread below.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Two-leading-Netgear-routers-are-vulnerable-t...

Message 8 of 8