Re: Two leading Netgear routers are vulnerable to a severe security flaw
@michaelkenward wrote:
@zipcard wrote:
I tested my D6400 and it is also vulnerable; your security notice only mentions the R6400, so please don't forget the DSL versions of the same routers too.
Which firmware do you have on the D6400?
I have firmware V1.0.0.54_1.0.54 installed.
When I run the test it comes back with a page listing the Linux OS version and other bits of info; if you're unaffected it should be blank or give an error, so I assumed the D series are also vulnerable.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
and it's very public now: http://fortune.com/2016/12/12/netgear-router-models-critical-vulnerability/
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Hopefully we see an R7800 FW soon
Re: Two leading Netgear routers are vulnerable to a severe security flaw
"Acew0rm alerted Netgear to the problem on Aug. 25, but never heard back, the researcher told Fortune in a direct message on Twitter. So four months later, Acew0rm took the find public"
If that doesn't sum up Netgear's support (or lack of) with firmware updates, I don't know what does!
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I flashed the beta firmware on my R6400 in the early hours and after some basic testing it seems the issue has been resolved.
I tried 2 different tests, all done in Edge and Firefox.
- Running the reboot command directly: was prompted for credentials
- Running the reboot command in a tab while another had routerlogin.net logged in: was prompted for credentials once more
The fact that a fix had come four months after being reported is still ridiculous, but at least I can now remain on stock firmware without jumping to open source solutions.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@SeaSalt Thank you for the confirmation that the beta resolved it. I will forward your feedback to our engineering team.
Again, thank you and we appreciate your continued patience as we fix the issue.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@BoDEAN wrote:
Hopefully we see an R7800 FW soon
The R7800 is not in the list of known affected models that we've verified are affected at this time. Are you running the latest firmware (please confirm the actual version number) and have you checked to see if your system is vulnerable?
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@ElaineM Not a problem, I'm glad to hear a fix is on its way.
Hopefully you can nudge the engineering team a bit regarding features that still aren't there (Android VPN support, for example).
Re: Two leading Netgear routers are vulnerable to a severe security flaw
SeaSalt, I gave up on actual support from Netgear and flashed my device with DD-WRT. At least I get actual support from the open-source community... You would figure that a company who actually makes money on a product would take support of their product more seriously than someone doing the job in their spare time for free... but apparently that is not the case. I owned the device less than a year and after spending a decent amount of money on it I had to wash my hands of the vendor... talk about disappointing!
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@climb74 I agree, I'm incredibly disappointed with my purchase. There's a lack of support from Netgear and that is unnerving for the price point of these products.
I tried out the open-source solutions, and though the feature set satisfied me, the throughput for wireless and wired was much lower compared to Netgear's stock firmware. I can't jump ship just yet, at least until the open-source community improves the firmware.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@GinaGerson Thank you for the link, I'll definitely test this out on my R7000 later today.
However, there doesn't seem to be a similar solution for my R6400, which resides downstairs. My fingers are crossed for more support from other developers!
Re: Two leading Netgear routers are vulnerable to a severe security flaw
But the vulnerability is to the router's admin UI running on the internal LAN. Correct me if I am wrong but the UI is not available to the WAN/Internet IP of the router unless remote administration is turned on? I'm not saying it's not a bad problem, just that it seems exploitable only from the LAN (wireless and wired).
I tried limiting the administration to just a small internal IP range and the router would not allow the change, saying invalid IP... perhaps if I had a PC with an internal static IP and I limited the UI to just that single IP? (I know Linksys allows the admin UI to run on wired connections only... not so with the Netgear.)
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@RMinNJ It's, among other things, run from a script, e.g. from a website you load in a browser on your PC, that's on your internal network. It's a real threat.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Yeah, this is the last Netgear product I'll ever buy.
I save my money to finally buy a nice premium router for my home, and this is the kind of treatment I get?
Re: Two leading Netgear routers are vulnerable to a severe security flaw
meetloaf, we've already released beta firmware for your R7000 with a fix.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Netgear has had since August to address this issue and has done nothing. Anyone still using stock firmware is being foolhardy; Netgear has shown themselves to be inept and uncaring about their existing customer base. Here is the scoop from Tom's Hardware:
http://www.tomshardware.com/news/netgear-critical-security-vulnerability-router,33173.html
Again, I recommend to all R7000 customers that they download and install the Asus-Wrt firmware referenced earlier in this thread.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Thanks a lot Netgear, I like knowing my router just hit its expiration date from every tech news outlet. Seeing recommendations that I shouldn't use the router from security officials is **bleep**ty when there was an opportunity to fix it.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@RMinNJ wrote:
But the vulnerability is to the router's admin UI running on the internal LAN. Correct me if I am wrong but the UI is not available to the WAN/Internet IP of the router unless remote administration is turned on? I'm not saying it's not a bad problem, just that it seems exploitable only from the LAN (wireless and wired)....
Could someone verify this?
I realise that someone could trick me into visiting a web page with a script that executes the commands to give root access etc....
BUT, if I go to only reputable web sites that I have bookmarked and use NoScript etc. religiously, then is the risk mitigated or reduced substantially?
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Web pages aren't just simple HTML pages anymore.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@ScottKitty wrote:
Thanks a lot Netgear, I like knowing my router just hit its expiration date from every tech news outlet.
There is beta firmware with a fix available for your R7000 with production firmware on the way. Your router has not hit an "expiration date".
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Putting an ETA on things like that is always difficult, as it's difficult to predict how long QA testing will take. If both no regressions (issues not present in the previous firmware release) are found and included fixes are verified readily, then it will be quicker than if we decide that there are more changes needed.
Naturally we are as keen as you for this process to complete as quickly as possible and we will update the advisory when the final version is available.
Thanks for your patience.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@mdgm wrote:
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384...
Please "pin" above link to the top of the page on home routers https://community.netgear.com/t5/WiFi-Routers/ct-p/home-wifi-routers
This should be prominently listed on the top of every thread pertaining to the affected devices.