
NETGEAR Routers and CVE-2016-582384 security vulnerability

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@RELamb wrote:

Need some direction here - I downloaded the firmware update (R7000-v1.0.7.6_1.1.99.chk) due to an email I received about the latest Netgear vulnerability and I've been in download mode for over 2 hours now (says it will only take about 2 minutes).

 


 

This confuses me.

 

Do you mean you have the file you need somewhere on your PC or is it still trying to get the file?

 

Or do you mean that you have file and it is hanging when you try to upload it to the router?

 

It really should take next to no time to get the chk file.

 

The steps needed to flash the firmware appear in various messages above this one. For example:

 

 

There are more, but these should get you started.

 

 

Message 151 of 234
RELamb
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I do have the file, but it is hanging when trying to upload to the router.

Message 152 of 234
Stealth57
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I have the same sort of issue on the R6900 and closing the browser and logging in from another machine didn't affect anything as the update never actually starts the overwrite. I think it gets stuck after uploading the new firmware file and before it actually starts to overwrite files.

Message 153 of 234
RELamb
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thanks for the replies.  I went ahead and closed the browser while the (hanging) update was taking place and everything seems to be okay with the router.  The upload to the router must have never happened so I'll give it some time before attempting again (if ever).

Message 154 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@RELamb Are you absolutely sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.

 

And did you unzip the file? Just asking 😉

Message 155 of 234
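
Added example (not part of the original thread and not NETGEAR code): one way to run the checks suggested in the post above before uploading, namely whether the download is still a zip, whether it is truncated or damaged, and which .chk it carries. The function names, the report fields and the sample bytes are assumptions constructed for illustration; only the .chk file name comes from the thread.

```python
import hashlib
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
# Constructed stand-in bytes, NOT real firmware; the member name is the one quoted in the thread.
SAMPLE_NAME = "R7000-v1.0.7.6_1.1.99.chk"
SAMPLE_IMAGE = b"constructed-sample-image-" * 8


def build_sample_zip() -> bytes:
    """Build an in-memory zip shaped like a firmware download (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # default compression is ZIP_STORED
        zf.writestr(SAMPLE_NAME, SAMPLE_IMAGE)
        zf.writestr("release-notes.txt", b"constructed notes")
    return buf.getvalue()


def inspect_download(data: bytes) -> dict:
    """Report whether a downloaded blob is intact and which .chk it carries."""
    report = {"kind": None, "ok": False, "chk_name": None, "sha256": None, "problem": None}
    if not data:
        report["problem"] = "empty file (download never completed)"
        return report
    if not data.startswith(ZIP_MAGIC):
        # Not a zip: nothing to unpack, so "ok" only means no structural problem;
        # the hash is for comparison against a second download of the same file.
        report.update(kind="raw", ok=True, sha256=hashlib.sha256(data).hexdigest())
        return report
    report["kind"] = "zip"  # uploading this as-is is the "did you unzip?" mistake
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # re-reads every member and checks its CRC-32
            if bad is not None:
                report["problem"] = f"CRC mismatch in {bad} (damaged download)"
                return report
            chk = [n for n in zf.namelist() if n.lower().endswith(".chk")]
            if len(chk) != 1:
                report["problem"] = f"expected one .chk inside, found {len(chk)}"
                return report
            image = zf.read(chk[0])
    except zipfile.BadZipFile:
        report["problem"] = "truncated or corrupt zip (incomplete download)"
        return report
    report.update(ok=True, chk_name=chk[0], sha256=hashlib.sha256(image).hexdigest())
    return report
```

For a real file, pass `open(path, "rb").read()` to `inspect_download`; the check covers transfer damage only and says nothing about whether the image matches the router model.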

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@GinaGerson wrote:

@RELamb Are you absolutely sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.

 

And did you unzip the file? Just asking 😉


 

Heed this advice. It is important.

 

You should get an error if you have the wrong firmware, but this patch is such a rush job that who knows what is going on?

 

If your new firmware is not a beta version, you could try telling your modem/router to find and install the update. Instructions are in the manual for whatever box you have.

 

 

 

Message 156 of 234
Stealth57
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

UPDATE: I tried the update from my Windows 7 laptop using WiFi and the process completed very quickly. I did NOT lose any of my custom settings for SSID or passwords.  I guess a Mac can't handle something in the transfer.

Message 157 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I was unable to follow the published instructions for updating the firmware on my R6250. But I did use the Netgear Genie to update the firmware. Much simpler. 

 

My question is: Does the Netgear Genie update to V1.0.4.6_10.1.12 contain the fixes needed?

Message 158 of 234
katedan19772001
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I have the Netgear R7800 Nighthawk X4S AC2600, and when I try the recommended advice to see if my router might be affected by the bug, I get the number 0 on the screen. Not a blank page or an error. It makes me think mine is affected by this issue. I used http://[router-address]/cgi-bin/;uname$IFS-a, the router address being my router IP. The only response from a moderator is it's not in affected devices list.

Model # : R7800

Firmware: V1.0.2.12

OS: Windows 10 

Browser: Chrome

 


 

 

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 159 of 234
NotHome
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix. (Hopefully) Security communications has got to be better than this!

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 160 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Hell there Boyce.

 

The only ones that will show up with the genie are "factory releases". Those still in beta won't be there.

 

If you look at the advisory:

 

Security Advisory for VU 582384, PSV-2016-0245 | Answer | NETGEAR Support

 

It says that "All products followed by three asterisks (***) have production firmware fixes available."

 

The R6250 is one of those.

 

For more details, put your model into the support system:

 

Support | NETGEAR

 

This will throw up the support pages for your device

 

 R6250 | Product | Support | NETGEAR

 

where you can click through to a page of firmware and software updates. That will list all the available releases in all their glory. That too shows that you are up to date. Christmas has come early for you.

 

 

Message 161 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@NotHome wrote:

I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix.


 

Two of what units? The subject here is wrong and some reports turned out to be false alarms.

 

You must have missed out on, or failed to register for, the email updates that brought many people here. It has also been all over the interwebs, as you will see from the length, and age, of this discussion.

 

Message 162 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thanks. I'll try that and see if I get any further than by trying the instructions Netgear e-mailed me.

 

And thank you also for wishing me hell. 🙂

Message 163 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

On second reading, it seems that you are telling me that the Genie found the requisite update and installed it. Is that right? Is the fix already in this "factory release"?

Message 164 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@BoyceRensberger wrote:

Is the fix already in this "factory release"?


 

Seems like it.

 

You are one of the lucky ones with a device that is no longer still in the labs demanding attention.

 

 

 

 

Message 165 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@katedan19772001 wrote:

The only response from a moderator is it's not in affected devices list. 

Model # : R7800

 


You can continue to monitor our security advisory page for this vulnerability to see if there is any change as our review continues.

Message 166 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

It's definitely in Netgear's list of affected devices. That's what Netgear told me in an e-mail. Also see this: http://kb.netgear.com/000036540/R6250-Firmware-Version-1-0-4-6?cid=wmt_netgear_organic

 

My question was not that. It was whether the update via Genie covered the problem.

Message 167 of 234
Dougaloo
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?

 

To Netgear: the fact that you didn't prevent this vulnerability, compounded by your slow response, is unacceptable. This is not just a firmware hiccup. My entire network, including all of the devices that access it, and all of my passwords, may have been breached.

Message 168 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Dougaloo wrote:

So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?

 

 

You aren't the first person to think that logging into your router takes you to a Netgear site. There is no "site", nor is there another user. That was you.

 

When you login to the router, you go to the local browser based interface for your hardware. You can do that even if you are not connected to the Internet. Indeed, you have to get in there before you have an Internet connection so that you can set up your hardware to get connected.

 

So, you can be pretty sure that there is no "bad actor" wreaking havoc on your network. Just you logged in twice.

 

For all the flap about this nasty "back door" issue, I haven't seen any reports here of anyone exploiting this feature. Netgear rushed out fixes within a week or so of the news going public.

 

Message 169 of 234
Dougaloo
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Michael, thanks for your reply and clarification. Actually, I used the word "site" incorrectly. I know that when I try to log into my Netgear console, I'm not going to a site, but instead I am logging in through a local network browser.

 

Still, I was concerned when, after doing a reset at the router, when I tried to log in to the console, I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me. Another cause for concern was that I did have my Remote Management option checked prior to receiving the message from Netgear. I've now disabled that, as I don't really need remote access anymore.

 

As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.

 

Thanks to you and the Netgear community for your helpful support.

Message 170 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Dougaloo wrote:
I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me.


 

I've seen that "logged in elsewhere" message pretty often. But I have three PCs on my desk (don't ask) so I have more "opportunities" to get bitten.

 


@Dougaloo wrote:

As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.

 


 

In theory, that's true. But if you read the subsequent (refreshingly honest) communications from Netgear it turns out that the company did not take those first reports seriously. That or the warning got stuck in the system.

 

It wasn't until the people who first alerted Netgear went public earlier this month – alerting hackers and potential evil doers to the possibilities – that Netgear finally got its act together. It then threw itself into fixing the issue. So it really was a rush job, but after a delay that never should have happened.

 

Message 171 of 234
loppnow
Aspirant

Re: Firmware 1.0.7.6

I downloaded and installed this new firmware release on my R7000 router. It seems to have automatically changed my Wireless Network Name and Wireless Network Key. Is that what is supposed to happen?

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 172 of 234
Kitsap
Master

Re: Firmware 1.0.7.6

I downloaded the zip file, unpacked the .chk file and manually accomplished the firmware update.

 

The firmware version I started with was V1.0.7.2_1.1.93 and after the update had 1.0.7.6_1.1.99. This process did not change either my network name or network key on either the 2.4 GHz or 5 GHz band.

 

It may depend on what version of firmware you started with prior to the update.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 173 of 234
hggomes
Tutor

Re: Firmware 1.0.7.6

Message 174 of 234
IrvSp
Master

Re: Firmware 1.0.7.6

Perchance did you RESET the router AFTER you applied the new firmware? In that case, yes, it sets you back to the default state on all settings.

Message 175 of 234