R8000 New firmware 1.0.3.36_1.1.25

You can look in the release notes.

http://kb.netgear.com/000037342

I took a look at the R7900 release notes and they state the security issues explicitly.  Not sure why the R8000 are so ambiguous.  The two routers are almost identical.

Yeah, one sentence, "fixed security issue"!  

Which security issue?

How serious?

Do I need to upgrade?

Will it brick my router? 

Lol Lol Lol..............

The confusion started with two subminor releases for the R8000 within a few days - most likely on the same security issue, probably not propelry fixed before - regardless of the 

R8000 Firmware Version 1.0.3.26

R8000 Firmware Version 1.0.3.36

Best guess (yes, I know ...) it's all about CVE-2016-6277, PSV-2016-0245 (formerly designated VU #582384..

Remains the question what PSV-2016-0068 is about ...

I see! 

But 1.0.3.26 already been replaced by 1.0.3.32 a while back. It seems to be a stable version.(or at least to me).

Well, as per Security Advisory for CVE-2016-6277, PSV-2016-0245 we _should_ be fine.

But now we have this Security Advisory for Insecure Timestamp Password Vulnerability, PSV-2016-0254 on the table - however, I fail to find any reference to a CVE-2017-5679. And the confusing entry from January 2017 on NETGEAR Product Security Advisory

Netgear at it's best...I am lost at this point. What a me**.

Can some Netgear Mods take care of this, and shed some light please? @ElaineM please....

---

@ElaineM wrote:

It fixes PSV-2016-0245 & PSV-2016-0254.

---

Thank you @ElaineM. Conclude, both the R8000 1.0.3.36 Release Notes as well as the PSV-2016-254 KB entries require an update 8-)  

Yes. I already forwarded it to the team.

When you search for new firmware update the new version (1.0.3.36) did not show up so does that mean it is not that important? AND we should wait? 🙂

---

@rojen88 wrote:

When you search for new firmware update the new version (1.0.3.36) did not show up so does that mean it is not that important? AND we should wait? 🙂

 

---

Valid question - I don't know on how Netgear does schedule the love updates - @ElaineM?

That seems to be a server issue. Let me ping the people responsible for that matter. 

Firmware is up now through the GUI. 

What's confusing me is that the version number is lower than my existing one.  I am currently running 1.0.3.4 which is running stable.  The latest version is 1.0.3.36?  I though it was a mistake so I was afraid to replace it. This router out preforms any other router I have ever owned so I'm afraid to mess it up with a firmware update, especially if it's an older version.  I tried the nighthawk x10 and it was so miserable that I returned it in 48 hours.

No, this version is way higher than 1.0.3.4.   It is 4..5..7..8..10..15...21..30..32..33..34..35..36!  (Don't know why the version numbers jumped).

Accordingly 1.0.3.32.. fixed a SERIOUS security flaws. So not updating at your own risk!

But I totally understand what you meant.

...and the other MAJOR problem with this latest firmware release is that it completely brakes the Android version of the app...so as I came to find out last night, the mobile app doesn't even manage to LOG-IN to the router anymore...completely dead.

I left the app feedback on Google App page, but I have no idea who (if anyone) actually reads this.

Sooo...for me, it's time to roll-back the firmware upgrade and as you stated in your post: beware!!!

@dspiatkowski I suggest that you create another thread for that matter.