Orbi WiFi 7 RBE973
Reply

NightHawk X4S AC2600 Model R7800 VU#582384

katedan19772001
Aspirant

NightHawk X4S AC2600 Model R7800 VU#582384

I tried using the http://[router-address]/cgi-bin/;uname$IFS-a link to see if my computer was affected with the bug. And I got the number 0 on the screen. Which makes me wonder if my router is affected with the bug. It did not return a blank page or error message. 

 

Model # : R7800

Firmware: V1.0.2.12

OS: Windows 10 

Browser: Chrome

negear bug 12-1-9-2016.png

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 1 of 12

Accepted Solutions
mdgm-ntgr
NETGEAR Employee Retired

Re: NightHawk X4S AC2600 Model R7800 VU#582384

It's not one of the known affected models at this time. Please see the Security Advisory for VU 582384

 

You should keep an eye on that advisory for now as we are updating it regularly.

View solution in original post

Message 2 of 12

All Replies
mdgm-ntgr
NETGEAR Employee Retired

Re: NightHawk X4S AC2600 Model R7800 VU#582384

It's not one of the known affected models at this time. Please see the Security Advisory for VU 582384

 

You should keep an eye on that advisory for now as we are updating it regularly.

Message 2 of 12
katedan19772001
Aspirant

Re: NightHawk X4S AC2600 Model R7800 VU#582384

It still doesn't answer the question. Is the 0 in the page considered an error? Because if not, then it is affected as stated in many articles  using the http://[router-address]/cgi-bin/;uname$IFS-a  to check vulnerability of router. Saying it's not part of the affected list doesn't tell me if the 0 i'm getting on screen is an error. Hope this clearify the question I was asking. Thank you.

Message 3 of 12

Re: NightHawk X4S AC2600 Model R7800 VU#582384

What you see looks like a blank page to me:

 


The accessed Web page should show a error or blank page, otherwise you can assume that the fix didn’t work.

 

That (with its grammar lapse) is from:

 

Netgear Router: Critical Unfixed Vulnerability Permits Hacker Takeover

 

Message 4 of 12
katedan19772001
Aspirant

Re: NightHawk X4S AC2600 Model R7800 VU#582384

It's in top left corner.. It's the best picture I could get. I could send it thru imgur maybe it has a better image.

http://imgur.com/a/TYEEQ

 

Anyways I sent a letter to the netgear secrutiy support email. waiting for a response. 🙂

Message 5 of 12
mdgm-ntgr
NETGEAR Employee Retired

Re: NightHawk X4S AC2600 Model R7800 VU#582384

It's not on the known list of affected devices but it would be advisable to keep monitoring the advisory page for now until our investigation is complete.

Message 6 of 12

Re: NightHawk X4S AC2600 Model R7800 VU#582384

All I can say is that the response you see is nothing like the screen I got when I tested my own vulnerable modem/router.

 

Unfortunately, I didn't grab the screen back then.

 

It would be useful is Netgear posted the sort of response expected from a vulnerable device. Then it wouldn't have to fend off a constant stream of similar queries.

 

Here is a message from a third party source that knows it stuff. This has more detail of what to expect when you test the device:

 

Netgear router remote control bug – what you need to know – Naked Security

 

That says:

 


Q. Can I test my own router?
Try visiting this URL:
http://routerlogin.net/cgi-bin/;uname
That should send a web request to the potentially vulnerable software component in your router.
If the exploit works, your router will run the command uname, a Unix utility that prints out the identity of the operating system, which is Linux on Netgear routers.
So, if you see a regular-looking error message, we think you are safe because your router didn’t run the unwanted command.
But if you see a web page including output that consists of the word Linux, you should assume the exploit worked because the command named in the URL ran.

Maybe Netgear can confirm this.

Message 7 of 12
StephenB
Guru

Re: NightHawk X4S AC2600 Model R7800 VU#582384


@katedan19772001 wrote:

It still doesn't answer the question. Is the 0 in the page considered an error?


Try http://[router-address]/cgi-bin/;killall$IFS’httpd’  That will kill the web server in the router if you are vulnerable.  Then close the browser, open a new instance and try to reach the router web page. If you can't, then you are affected.  If you can, then you aren't.

 

If you are affected, you can power-cycle the router and the web page will come back.  Note that while the web server is killed the vulnerability can't be exploited, so the router is fully safe to use.  Though of course you can't change the settings, etc.

Message 8 of 12

Re: NightHawk X4S AC2600 Model R7800 VU#582384


@StephenB wrote:

 If you are affected, you can power-cycle the router ...

 


 

I respond this time only to pass on a salutary anecdote from another conversation that came up here the other days.

 

"What does power cycle mean?" a user asked.

 

This reminded me how easy it is for some of us to lose sight of what people do and don't know.

 

I advised that it just means turn it off and then back on at the mains.

 

But was that correct? Is there a difference between that and using the switch on the back?

 

 

 

Message 9 of 12
StephenB
Guru

Re: NightHawk X4S AC2600 Model R7800 VU#582384


@michaelkenward wrote:

 

But was that correct? Is there a difference between that and using the switch on the back?

  


The goal in this case is just to get the router to reboot.  The switch on the back will do the job (and so will disconnecting/reconnecting the power).

Message 10 of 12
katedan19772001
Aspirant

Re: NightHawk X4S AC2600 Model R7800 VU#582384

Sounds like I'm safe. As long I don't show Linux on it. So looks like the 0 is considered an error. 🙂 Well time to set up the router then!

Message 11 of 12

Re: NightHawk X4S AC2600 Model R7800 VU#582384

That's my understanding too.

 

Now that I think of it, when my modem was vulnerable it showed something like the UNIX string mentioned. Now it just blocks me.

 

Message 12 of 12
Top Contributors
Discussion stats
  • 11 replies
  • 4219 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7