- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Firmware 1.0.7.6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@RELamb wrote:Need some direction here -I downloaded the firmware update (R7000-v1.0.7.6_1.1.99.chk) due to email I received about the latest Netgear vulnerability and I've been in download mode for over 2 hours now (says it will only take about 2 minutes).
This confuses me.
Do you mean you have the file you need somewhere on your PC or is it still trying to get the file?
Or do you mean that you have file and it is hanging when you try to upload it to the router?
It really should take next to no time to get the chk file.
The steps needed to flash the firmware appear in various messages above this one. For example:
There are more, but these should get you started.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I do the have file, but it is hanging when trying to upload to the router.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I have the same sort of issue on the R6900 and closing the browser and logging in from another machine didn't affect anything as the update never actually starts the overwrite. I think it gets stuck after uploading the new firmware file and before it actually starts to overwrite files.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Thanks for the replies. I went ahead and closed the browser while the (hanging) update was taking place and everything seems to be okay with the router. The upload to the router must have never happened so I'll give it some time before attempting again (if ever).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@RELamb Are you absolutly sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.
And did you unzip the file? Just asking 😉
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@GinaGerson wrote:@RELamb Are you absolutly sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.
And did you unzip the file? Just asking 😉
Heed this advice. It is important.
You should get an error if you have the wrong firmware, but this patch is such a rush job that who knows what is going on?
If your new firmware is not a beta version, you could try telling your modem/router to find and install the update. Instructions are in the manual for whatever box you have.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
UPDATE: I tried the update from my Windows 7 laptop using WiFi and the process completed very quickly. I did NOT lose any of my custom settings for SSID or passwords. I guess a Mac can't handle something in the transfer.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I was unable to follow the published instructions for updating the firmware on my R6250. But I did use the Netgear Genie to update the firmware. Much simpler.
My question is: Does the Netgear Genie update to V1.0.4.6_10.1.12 contain the fixes needed?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I have the netgear R7800 Nighthawk X4S AC2600 and when I try the recommonded advise to see if my router might be affected with the bug. I get the number 0 on the screen. Not a blank page or an error. It makes me think mines is affected with this issue. I used the http://[router-address]/cgi-bin/;uname$IFS-a . The router address being my router IP. The only response from a moderator is it's not in affected devices list.
Model # : R7800
Firmware: V1.0.2.12
OS: Windows 10
Browser: Chrome
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix. (Hopefully) Security communicatoions has got to be better than this!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Hell there Boyce.
The only ones that will show up with the genie are "factory releases". Those still in beta won't be there.
If you look at the advisory:
Security Advisory for VU 582384, PSV-2016-0245 | Answer | NETGEAR Support
It says that "All products followed by three asterisks (***) have production firmware fixes available."
The R6250 is one of those.
For more details, put your model into the support system:
This will throw up the support pages for your device
R6250 | Product | Support | NETGEAR
where you can click through to a page of firmware and software updates. That will list all the available releases in all their glory. That too shows that you are up to date. Christmas has come early for you.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@NotHome wrote:I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix.
Two of what units? The subject here is wrong and some reports turned out to be false alarms.
You must have missed out on, or failed to register for, the email updates that brought many people here. It has also been all over the interwebs, as you will see from the length, and age, of this discussion.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Thanks. I'll try that and see if I get any further than by trying the instructions Netgear e-mailed me.
And thank you also for wishing me hell. 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
On second reading, it seems that you are telling me that the Genie found the requisite update and installed it. Is that right? Is the fix already in this "factory release"?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@BoyceRensberger wrote:Is the fix already in this "factory release"?
Seems like it.
You are one of the lucky ones with a device that is no longer still in the labs demanding attention.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@katedan19772001 wrote:
The only response from a moderator is it's not in affected devices list.
Model # : R7800
You can continue to monitor our security advisory page for this vulnerability to see if there is any change as our review continues.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
It's definitely in Netgear's list of affected devices. That's what Netgear told me in an e-mail. Also see this: http://kb.netgear.com/000036540/R6250-Firmware-Version-1-0-4-6?cid=wmt_netgear_organic
My question was not that. It was whether the update via Genie covered the problem.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?
To Netgear: the fact that you didn't prevent this vulnerability, compounded by your slow response, is unacceptable. This is not just a firmware hiccup. My entire network, including all of the devices that access it, and all of my passwords, may have been breached.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@Dougaloo wrote:So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?
You aren't the first person to think that logging into your router takes you to a Netgear site. There is no "site", nor is there another user. That was you.
When you login to the router, you go to the local browser based interface for your hardware. You can do that even if you are not connected to the Internet. Indeed, you have to get in there before you have an Internet connection so that you can set up your hardware to get connected.
So, you can be pretty sure that there is no "bad actor" wreaking havoc on your network. Just you logged in twice.
For all the flap about this nasty "back door" issue, I haven't seen any reports here of anyone exploiting this feature. Netgear rushed out fixes within a week or so of the news going public.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Michael, thanks for your reply and clarification. Actually, I used the word "site" incorrectly. I know that when I try to log into my Netgear console, I'm not going to a site, but instead I am logging in through a local network browser.
Still, I was concerned when, after doing a reset at the router, when I tried to log in to the console, I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me. Another cause for concern was that I did have my Remote Management option checked prior to receiving the message from Netgear. I've now disabled that, as I don't really need remote access anymore.
As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.
Thanks to you and the Netgear community for your helpful support.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Two leading Netgear routers are vulnerable to a severe security flaw
@Dougaloo wrote:
I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me.
I've seen that "logged in elsewhere" message pretty often. But I have three PCs on my desk (don't ask) so I have more "opportunities" to get bitten.
@Dougaloo wrote:As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.
In theory, that's true. But if you read the subsequent (refreshingly honest) communications from Netgear it turns out that the company did not take those first reports seriously. That or the warning got stuck in the system.
It wasn't until the people who first alerted Netgear went public earlier this month – alerting hackers and potential evil doers to the possibilities – that Netgear finally got its act together. It then threw itself into fixing the issue. So it really was a rush job, but after a delay that never should have happened.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Firmware 1.0.7.6
I downloaded and installed this new firmware release on my R7000 router. It seems to have automatically changed my Wireless Network Name and Wireless Network Key. Is that what is supposed to happen ?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Firmware 1.0.7.6
I downloaded the zip file, unpacked the .chk file and manually accomplished the firmware update.
The firmware version I started with was V1.0.7.2_1.1.93 and after the update had 1.0.7.6_1.1.99. This process did not change either my network name or network key on either the 2.4 Ghz or 5 Ghz band.
It may depend on what version of firmware you started with prior to the update.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Firmware 1.0.7.6
Perchance did you RESET the router AFTER you applied the new firmware? In that case, yes, it sets you back to the default state on all settings.
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more