This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I'm not sure what I did, but it did not reset to the default name & password. It created a fairly long arbitrary Wireless Network Key (password), and named the Wireless Network Name: NETGEAR21
I'm just trying to make sure I haven't been hacked or something
I wouldn't think you were hacked, but you never know? If the SSID and Passphrase matches what was on your label for them on the bottom of the router, you probably were not. Somehow a RESET was performed. Maybe the code does that IF you are updating from and OLD F/W? All I can say I have NEVER seen this happen without me physically resetting the router, but I usually do upgrade with almost every NEW flash and will RESET and re-enter my settings almost every time.
If someone wanted too or had hacked into your router you would think the USERID and P/W would have been changed so you couldn't get in and see what was going on. The FIX was for a specific problem and I have NOT seen any report of any web site that implemented the problem code. Even then I personally am not sure what they could do but there are possibilities that could be done that could cause hacks into your LAN and access attached devices.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Talking about the routers R7000. I don't subscribe to every chat board for every piece of electronics I buy but my units are registered, so I would have hoped to recieve some kind of notice from Netgear. I just heard about this being a problem.
That's a different problem affecting different routers so really should be disccused in a separate thread. We have a Security Advisory available for that.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I just attempted to complete the secruity fix for VU 582384. Following the instructions after downloading the zip file. I then loged into the router. However, working through the ADVANCED TAB then the ADMINISTRATION I was not able to locate FIRMWARE UPGRADE. There was NO choice for FIRMWARE UPGRADE.
Has anyone else encounted this issue and if so how did you proceed to upload the security fix?
Following the instructions after downloading the zip file.
Did you unzip the zip file?
You don't say which device you want to flash, but most of the firmware is now officially released. So you should be able to tell the modem/router to go get it without having to retrieve the file.
Sorry, I can't be more precise than that because I don't know what hardware you need to update.
Remember, not all Netgear devices are vulnerable to this security hole.
If you find the manual on the support site it will also have the instructions you need.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
The instructions with the updated firmware for the R7000 include item number 2:
2. Using the Download Link below, download and extractthe new firmware to a convenient place such as your desktop. The filename after extractingis R7000-V1.0.7.6_1.1.99.chk
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
2. Using the Download Link below, download and extractthe new firmware to a convenient place such as your desktop. The filename after extractingis R7000-V1.0.7.6_1.1.99.chk
True, but remember that not everyone understands what extract means. Why should they?
Perhaps the instructions should have said "extract (unzip)".
These days you wonder why they zip things when they contain only one file. It isn't as if bandwidth is an issue any more.
2. Using the Download Link below, download and extractthe new firmware to a convenient place such as your desktop. The filename after extractingis R7000-V1.0.7.6_1.1.99.chk
True, but remember that not everyone understands what extract means. Why should they?
Perhaps the instructions should have said "extract (unzip)".
These days you wonder why they zip things when they contain only one file. It isn't as if bandwidth is an issue any more.
Well, not to insult anyone, there are other reasons for doing that (compressing the d/l file) possibly. One would be to save space on the servers. Also make it easier to handle umpteen requests as smaller files mean faster delivery for everyone. Also they probably use a single set of instructions from a template and just change the filename(s). Some might include a README file or even more than one file. Less chance of error that way.
As for one not know what 'extract' means, I get that. In this case one could ask or Google it, not hard to figure out? If one doesn't understand 'extract' would they understand 'unzip'?
If one knew how to set-up a router and the knowledge to do that they probably wouldn't be first time users of a PC either? If they do the setup of the router then someone else did? That person should have done the upgrade I would think?
Again, not trying to upset or insult anyone here, just my $0.02 worth on why it might be both compressed and detailed on what to do. Pjsand never mentions which Router the file was for either, and was told by you to 'unzip' the file and did that and it worked. It is possible that set of instructions is NOT in the d/l that was used?
I see nothing wrong with compressing d/l files (by anyone).
Well, not to insult anyone, there are other reasons for doing that (compressing the d/l file) possibly. One would be to save space on the servers. Also make it easier to handle umpteen requests as smaller files mean faster delivery for everyone.
The compression of a firmware file is minimal. A few percent, if that. Sometimes nothing. (I've just checked a handful.) Certainly not enough to make any difference to storage space of serving multiple requests. In any case, the update server holds an uncompressed file for routers to update themselves. So Netgear has to hold two copies of the thing.
@IrvSp wrote: Some might include a README file or even more than one file.
That's why I said "when they contain only one file".
True enough, particularly for router firmware. I think a more important advantage of the zip format is that it has a built-in integrity check. If the download is corrupted, the extraction fails.
@michaelkenward wrote: In any case, the update server holds an uncompressed file for routers to update themselves. So Netgear has to hold two copies of the thing.
The update server isn't the same server as the one used for manual downloads (at least that is the case with ReadyNAS firmware).
We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues.
Presumably this is meant to indicate that you receive a lot of spam on these mailboxes. I suggest providing guidelines for how you want humans to format their subject lines when contacting you about vulnerabilities. This may make it easier to differentiate between bots sending you ads for viagra and vulnerability reports.
Re: NETGEAR Routers and CVE-2016-582384 security vulnerability
@aboxofclay wrote: Presumably this is meant to indicate that you receive a lot of spam on these mailboxes.
That's one way of interpreting it, but spam is easily trapped. My guess is that "numerous emails through this channel" is more likely to be loaded down with reports of false positives in AV software, or people who are just paranoid and think that every time their system falls over it is a security failure.
As for providing a format for submitting issues, that's a good way of encouraging the spammers.
It would be better to be more diligent in the first place and for Netgear to pay a bit more attention to what it does receive. I suspect that it does so now that it has seen the folly of ignoring messages.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
What's important for all to remember, most of us are not IT literate and take instructions literally. I am 60+ and most in my peer group would look for a younger friend to assist with tasks like this. Once I was told through a great response to unzip the file I could easily complete the update. It took me 3 to 4 times longer just to find this valuable site for asking & sharing ideas. Initial instructions need to factor in their audience and 90%+ of the purchasers of this type of hardware are not IT literate. My thanks to you all for your assistance in resolving my issue....pjsand
I am 60+ and most in my peer group would look for a younger friend to assist with tasks like this.
In this case, some of the people who have been throwing around their advice, well, at least one of them, is 70+. (I can even help people with putting a ribbon in a typewriter.) But it sure is important to communicate using language that everyone can understand.
In the case of this firmware update, telling people how to deal with zipped files really only applied when users wanted to use the beta versions. Applying the final release didn't need that.
At least these days you don't need software to unzip files. The operating system does that.
@aboxofclay wrote: Presumably this is meant to indicate that you receive a lot of spam on these mailboxes.
That's one way of interpreting it, but spam is easily trapped. My guess is that "numerous emails through this channel" is more likely to be loaded down with reports of false positives in AV software, or people who are just paranoid and think that every time their system falls over it is a security failure.
As for providing a format for submitting issues, that's a good way of encouraging the spammers.
It would be better to be more diligent in the first place and for Netgear to pay a bit more attention to what it does receive. I suspect that it does so now that it has seen the folly of ignoring messages.
Spammers (as opposed to spear phishers) aren't going to bother customizing their messages for a mailbox their bot has scraped off the web. However, a consistently formatted subject line will make it easier for a human to recognize a potential problem report. Agreed on the need for increased diligence though.
Re: NETGEAR Routers and CVE-2016-582384 security vulnerability
@aboxofclay, I am sort of confused over this string of messages you've seemed to have started within this thread on 1/6?
Was this a returned e-mail to you from Netgear after you reported a problem to them? I can find nothing in the thread like this?
As for SPAM reaching them, it is really a double edged sword. Depending on SPAM filters some will get through, and conversely some that are not SPAM will be discarded.
Yes, there are ways to defeat this, forms to be filled out (although robots can get around this too) but that means a browser must be used to submit reports. Otherwise 'normal' emails are free form and unless there were specific information within the product documentation in the box that detailed what was required one wouldn't know it (or even forget to look at the documentation before sending off an email). On top of that NG support is only for 90 days. I bet that 'channel' gets a lot of email for h/w OUT OF WARRANTY as well.
So how did you get that 'message' and what did you do about it?
Definitily something to have in mind before getting a Netgear product.
ElaineM: Now you can understand my previously concerns about Netgear vulnerabilities?
Obviously this was something that could be avoided if Netgear could listen more to the people reporting these kind of issues, instead keeping things just like they are, I'm really sorry things have reach this point.
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Re: NETGEAR Routers and CVE-2016-582384 security vulnerability
You did read part of the Engadget link fully right?
=======
The good news? Netgear has been diligent about patching the security hole. As of the report, 19 models (plus a cable modem) already have firmware updates that will fix the flaws.
=======
The link above in the part I copied was to "Web GUI Password Recovery and Exposure Security Vulnerability" which was updated on 1/27/17 before your links were created.
To me it seems they did 'listen' and did take pro-active action?
Re: NETGEAR Routers and CVE-2016-582384 security vulnerability
Well, that's your opinion about it, I can respect that.
They have listen it too late now that Netgear is on all front pages for the worst motives, this point could be avoided with back then actions, check how much time it took for them to simply upgrade a OpenSSL version:
Re: NETGEAR Routers and CVE-2016-582384 security vulnerability
Well, do you know when they first were alerted to the problems? Do you know how long it took them to take action? I don't know those dates?
When something gets reported to them the first thing that needs to be done is verify it is a real threat. Determine the scope of it too. Then formulate a fix, for every instance of that, and then create and test the fix, run QA (ensure it didn't cause regressions, that is break something else), and finally release it.
Note the date the page I referenced was updated last, 1/27 (don't know prior update date nor content change though), and the dates of the URL references you posted. Those were release a few days AFTER NG made the page update.
Also note the list of routers on that NG page. I can only speak for the R7000, but its last F/W release (which according to the LINK says it was fixed on the R7000) was on 12/16/2016. So over 1 1/2 months ago the R7000 had that vulnerability fixed.
To me that makes your argument sort of weak.
But let us switch gears here. What about MicroSoft? Many more vulnerabilities affecting many more systems. Do they cover them all INSTANTLY? Nope, they take time to get them out. They also do NOT announce the full extent of most of the vulnerabilities either so they are not publically known so 'bad guys' can make use of them.
Even with NG making the fixes, just what percentage of all NG Routers do you think will first of all update the firmware or make suggested protection changes? I'd think a good percentage will not.
You can audit/read the code ALL you want. Unless you know what the 'hole' could be and how it could be exploited you may never see it. Yes, some people might, but many coders will not. That is why exploits exist. It is a 'fact' of software coding.
By the way, most of those reference 'zero-day attacks'. Do you know what they are? Those are NEW attacks not seen before and using previously unknown holes/weaknesses in the code. No code is immune to these.
Doesn't Microsoft code bother you more than the router firmware code? It doesn't seem like it to me.
Why are you targeting NG? Others have problems too or had them:
