Latest Security Vulnerability KB Article links to old R7000 Firmware
Hi,
The KB Article for the latest security vulnerability links to firmware version 1.0.5.70 for R7000:
Isn't that version vulnerable to "Security Advisory VU 582384"? How come we should "downgrade" from 1.0.7.6 to 1.0.5.70 to fix this vulnerability?
Accepted Solutions
The link in the article has been updated to the latest firmware available for R7000.
Thank you guys for bringing this to our attention.
All Replies
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
@R7_0_0_0_User wrote:
The KB Article for the latest security vulnerability links to firmware version 1.0.5.70 for R7000:
Isn't that version vulnerable to "Security Advisory VU 582384"? How come we should "downgrade" from 1.0.7.6 to 1.0.5.70 to fix this vulnerability?
Yes it is vulnerable to VU 582384, and you shouldn't downgrade to it.
If you look at http://www.netgear.com/about/security/?cid=wmt_netgear_organic , you'll see the article you linked is published May 9th 2016 - it is not the "latest security vulnerability". Unfortunately the KB articles don't include that date (only the date the page was last updated, which can be misleading).
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
Hi StephenB
Thanks for the info. I found the link here: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5521 this is why I called it the "latest security issue". Are you saying that CVE-2017-5521 is not a current or new security issue? German Tech-Press (heise.de) posted last week that Netgear devices have a new "big" hole and also pointed to these links.
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
@R7_0_0_0_User wrote:
Hi StephenB
Thanks for the info. I found the link here: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5521 this is why I called it the "latest security issue". Are you saying that CVE-2017-5521 is not a current or new security issue? German Tech-Press (heise.de) posted last week that Netgear devices have a new "big" hole and also pointed to these links.
I agree that the CVE is current, and points to that KB article ( https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521 ). And the CVE says the issue was vendor-reported.
I don't work for Netgear, so I don't have any inside info here. What I do know is that particular security issue was posted in May 2016.
So this is quite confusing. Hopefully Netgear can clarify it.
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
But that link points to old firmware....? Or....?
I am now using R7000-V1.0.7.6_1.1.99.chk
It was supposed to take care of a recent vulnerability. But is this another older one we talk about?
I read: Firmware fixes are currently available for the following affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for your model and visit the firmware release page for instructions:
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
@thelemonkid wrote:
But that link points to old firmware....? Or....?
I am now using R7000-V1.0.7.6_1.1.99.chk
It was supposed to take care of a recent vulnerability. But is this another older one we talk about?
I believe it is older, and likely not an issue with R7000-V1.0.7.6_1.1.99.chk. But I think Netgear needs to comment.
Re: Latest Security Vulnerability KB Article links to old R7000 Firmware
I have forwarded this to our engineering team and am waiting for their response.
Will provide an update as soon as I have one.