Orbi WiFi 7 RBE973
Reply

Re: Two leading Netgear routers are vulnerable to a severe security flaw

3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

You can test it yourself by using that url.

 

Login to your router, and find out the ip of it.  Then replace the ip with that test url.  If you get can't be found or access denied then you are good, if you get anything else, then it's vunerable.

 

http://[router-address]/cgi-bin/;uname$IFS-a

 

Link to the article:  http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

Message 26 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

If I go to

 

http://192.168.1.1/cgi-bin/;uname$IFS-a

 

I get (HTTP 404 Not Found) error.  I'm doing this from inside my LAN.

 

Is this a valid test? Do I need to test from the WAN side (from the internet)?

Message 27 of 234
Captiva
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Very difficult if not impossible for 99% of Netgear customers (Costco, Amazon, Wal-Mart, Target shoppers) to comprehend and implement.  Vendor solution is needed.

Message 28 of 234
climb74
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

So what is the timeline to a patch?  After spending over 200 bucks for a router I expect that the vendor is going to support their product.  Fair warning, I will be very vocal about my dissatisfaction if I have to go out and buy a new router.  Considering I have an extensive career in Information Security, my voice may carry some weight...  The current lack of response is disconcerting to say the least considering that there is an exploit available in the wild.

Message 29 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I think it's safe to say, your router is not vunerable to the web service attack.  There is another, but not sure how you would stop that or test it.

 

 

Here is the telnet test:

 

http://RouterIP/;telnetd$IFS-p$IFS'45'

 

will open telnet on port 45.

Message 30 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Agree.  Especially since there were a lot of discounts on this item since black friday and articles telling consumers its one of the best devices you could buy at the time.

Message 31 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I would recommend twitter, to voice concern (netgearhelp I think it the tag).  We could also post to review sites (amazon.com, newegg, and even netgears site).  Use social media, like FB to post reviews or rank the item.  This might get their attention.  This bug has been known about since Friday, and Netgear has yet to respond.  Unacceptable.

Message 32 of 234
climb74
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

There are a number of security sites that garner a lot of attention as well... though a number of them already have this issue in their sights along with mainstream tech sites.  ZDNet is just the tip of the proverbial iceberg.  I find it odd that the only response from a Netgear representative on their own forum was to attempt to discredit CERT as a source.  Calling Carnegie Mellon University's public vulnerability database (CERT) a "third party" is a bit of a stretch... I wonder what sort of agenda they think a reputable university and The Department of Homeland Security are trying to push... I sincerely doubt either "third party" have any vested interest in a Netgear competitor.

 

That said... I don't know how much weight our threats of going to the media will have anymore now that SlashDot, ComputerWorld, and Network World have gotten a hold of this story.  This story has gotten legs, and if Netgear doesn't get ahead of this they are going to be in serious trouble.  Personally I will give them two business days at most before I drop support for them entirely and search for a more secure router vendor.  Many of us Security Architects work from home.  The last thing we need are unsupported border devices with egregious security flaws.  The least they should do is provide a workaround as of yesterday!

Message 33 of 234
virtigex
Initiate

Re: Two leading Netgear routers are vulnerable to a severe security flaw

According to https://mobile.slashdot.org/story/16/12/11/1832234/vulnerability-prompts-warning-stop-using-netgear-... 'Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."' Netgear needs to fix the vunerability and explain why it has not done so in the last four months.

 

Model: R8500|Nighthawk X8 Tri-Band AC5300 WiFi Router
Message 34 of 234
kochin
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I got a response from Netgear this morning at 2:39am. They must be working hard to get it resolved. But, the message isn't saying much.

 

We appreciate you contacting us. Currently we are working on a fix and will get back to you when it’s available. Thanks.

If you have any questions or comments with regard to this information, please contact us at: security@netgear.com.

Sincerely,

Product Security Incident Response Team
Netgear, Inc

Message 35 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@3v3ntH0riz0n wrote:

I think it's safe to say, your router is not vunerable to the web service attack.  There is another, but not sure how you would stop that or test it.

 

 

Here is the telnet test:

 

http://RouterIP/;telnetd$IFS-p$IFS'45'

 

will open telnet on port 45.



That gives me

 

No such file or directory

 

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 36 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@kochin wrote:

I got a response from Netgear this morning at 2:39am. They must be working hard to get it resolved. But, the message isn't saying much.

 



Probably means that is from a tech center in India or something ....

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 37 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw

The point I was trying to make was that the comment suggesting stopping using the devices was not made by NETGEAR and only that. I wanted to clarify that as a post suggested it was.

Message 38 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384

 

We now have beta firmware containing fixes for some affected models.

We're working hard on fixes for the other affected models and will update the security ticket above soon.

 

**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****

 

To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements. 

 

Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.

 

NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page.  We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues.  When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.

 

Security Advisory for VU 582384 knowledgebase article.

NETGEAR Product Security Advisory page.

 

 

Message 39 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

You are probably good.

Message 40 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

You are probaly safe.

Message 41 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thanks for responding after several days. /sarcasm  How about a tweet or something, or do you want to try and keep this under wraps?

Message 42 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I would have liked the Security Advisory to have been posted sooner, but that's out of the control of our moderation team.

 


A colleague has already tweeted about this and responded to a thread on a popular site that's seeing a lot of activity on this.

As our security team's investigation progresses they will make further decisions.

 

 

Message 43 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Hi mdgm,

 

Is it true that Netgear was informed of this 4 months ago (per link below)?

https://mobile.slashdot.org/story/16/12/11/1832234/vulnerability-prompts-warning-stop-using-netgear-...

 

Aloke

(Still using the SPARc ReadyNAS Duo!)

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router,R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 44 of 234
StaticFX
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Hi.. just saw this news on another site.. 

Thanks for the tips above, I have disabled the server as suggested. But I have a question

 

If you go to the R7000 downloads its showing the official FW as

R7000 Firmware Version 1.0.1.22

 

http://kb.netgear.com/en_US/23857/

 

is that a safe version? the date was 11/28/2016... seems like a much earlier version?

Message 45 of 234
Unfiltered1
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Is there a way to tell if a router has been breached by a hacker? 

Message 46 of 234
Gandolph
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Wont work with Merlin software installed, also the Asus-wrt/Merlin software is more reliable and faster.  Not sure why anyone would continue to use Netgear's terrible firmware at this point.  

 

If I had purchased the Arlo cameras hoping to use the R7000 as my base station I would cut my losses and run, at some point you have to quit throwing good money after bad.

Message 47 of 234
RC0101-2
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Does this affect the r8500?
Message 48 of 234
StaticFX
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@Gandolph - i forgot about wrt etc... do you have the link handy?

Message 49 of 234
climb74
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Gandolf, please supply more info regarding the asus-wrt/merlin firmware.

Message 50 of 234
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7