Orbi WiFi 7 RBE973
Reply

Re: Two leading Netgear routers are vulnerable to a severe security flaw

3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@StaticFX wrote:

@Gandolph - i forgot about wrt etc... do you have the link handy?


http://www.dd-wrt.com/wiki/index.php/Main_Page

 

I may actually attempt this on my next day off.  Looks to be more secure and still offers all I need in regards to management.  

Message 51 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@RC0101-2 wrote:
Does this affect the r8500?

You would have to test the sample code:

 

Step 1 (optional): verify you’re vulnerable

Open your browser and visit the following address:

http://[router-address]/cgi-bin/;uname$IFS-a
(For most people, this URL will work: http://www.routerlogin.net/cgi-bin/;uname$IFS-a)

 

 

If a web page appears (which is not an error): you’re vulnerable. In my case, the page contains a text that starts with: Linux R7000 2.6.36.4brcmarm+ (...).

 

Link to blog post for the rest: http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

Message 52 of 234
Gandolph
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

StaticFX,

This is the link for the R7000 specific version of the firmware.  I have been running this for a long time now with no problems.  It makes me like my Netgear router again...

 

Asuswrt-Merlin on Netgear R7000

http://www.linksysinfo.org/index.php?threads/asuswrt-merlin-on-netgear-r7000.71108/

Message 53 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@climb74 wrote:

Gandolf, please supply more info regarding the asus-wrt/merlin firmware.


Here is a link to a discussion:

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-Using-Asuswrt-Merlin/td-p/1127372

 

Here is a link to asus-wrt:

 

http://xvtx.ru/xwrt/about.htm

Message 54 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

For now I'v flashed other firmware. (XWRT)

Seems to work very well. On 2.4G i get way more download, went up from 45/15 to 88/15 😉

5G stays same as it was 150/15 (but that's my max speed) so that's fine.

Message 55 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@StaticFX wrote:

the date was 11/28/2016... seems like a much earlier version?


That's the date the Release Notes article was last updated not the date the firmware was released. That firmware was released over 3 years ago.

Message 56 of 234
StaticFX
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Yeah I figured.. but they just posted that old firmware... so I wonder if its a safe version

Message 57 of 234
Rauder
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

According to all threat assessment sources, Netgear was made aware of the vulnerability in August but chose to ignore the cyber security community which is why the issue was never resolved any sooner. We should hope they will act more promptly in the future. Nighthawk routers aren't cheap - they are future-proof investments.

Message 58 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@mdgm wrote:


NETGEAR is aware of the security issue #582384 affecting R6400, R7000, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We're working hard for a fix and will update the security ticket above soon.


Ok am I dense? Why is this green checked as solved? Acknowledging there is a problem is not a solution in itself. Kinda misleading doncha think? 

Message 59 of 234
RMinNJ
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I'm running V1.0.4.30_1.1.67  and the bug is there.

 

I find it intresting that the merlin firmware can be faster even though it is not using the hardware acceleration.  

Message 60 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Rauder wrote:

According to all threat assessment sources, Netgear was made aware of the vulnerability in August but chose to ignore the cyber security community which is why the issue was never resolved any sooner. We should hope they will act more promptly in the future. Nighthawk routers aren't cheap - they are future-proof investments.


I've really gotta be cynical about this response lag. On a post on another thread I said Netgear needs to be more proactive than reactive as in auditing its own code and revamping firmware deployment model such as making it more modular so people could apply package and kernel updates as in desktop applications of Linux.  Oh and do something about the user interface. Ancient kernels and applications are bad enough but the UI is apparently also a weak link in the chain. And so much for the keeping remote manafement off "panacea" since a bad ad might exploit your browser to topple the router from inside the network. Nice.

 

But if there was that long of a response lag between when Acew0rm tried notifying Netgear and the vulnerability made public I don't think the term "reactive" is appropriate. Head in sand might be better. It's about PR and pleasing ....wait for it... investors.

 

The saddest part is that those of us who know about the problem(s) with Netfear and other router vendors are probably a very small portion of endusers. Therefore very little free market accountabilty.

 

And I used to mock Microsoft. Well I still do 😊

 

At least there are alternatives such as building your own Ubuntu router box, open source firmwares, or something such as a pfsense box. The latter can be had as turnkey without too much fuss.

Message 61 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@alokeprasad wrote:

Is X-10 R9000 also affected? Can someone please check?

 

It is a new product, so ZDNet might not have tested it.


What is unique to the product lines affected versus other Netgear routers? How can we be sure the other sorts of routers are safe? I could understand that NetUSB would be limited to routers with that feature but why this one having relevance to only a handful of Netgear routers? 

Message 62 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@timetorebel wrote:

@mdgm wrote:


NETGEAR is aware of the security issue #582384 affecting R6400, R7000, R8000 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We're working hard for a fix and will update the security ticket above soon.


Ok am I dense? Why is this green checked as solved? Acknowledging there is a problem is not a solution in itself. Kinda misleading doncha think? 


I saw that too.  No idea, because it is not resolved.  Maybe they are worried that people will not be buying these routers for Xmas?

Message 63 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I think that was probably marked as the solution by a colleague so that users could quickly find the advisory to follow to keep updated on the issue.

 

As our investigation continues we will have further updates to our security advisory. Thank you for your patience.

 

We have an email dedicated for security concerns e.g. reporting security issues. It's mentioned in the security advisory and also on the Security Advisory section of our website: http://www.netgear.com/about/security/

Message 64 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@mdgm wrote:

I think that was probably marked as the solution by a colleague so that users could quickly find the advisory to follow to keep updated on the issue.

 

As our investigation continues we will have further updates to our security advisory. Thank you for your patience.

 

We have an email dedicated for security concerns e.g. reporting security issues. It's mentioned in the security advisory and also on the Security Advisory section of our website: http://www.netgear.com/about/security/


So you admit not a solution? And I am not sure what to think about announcement of the dedicated security email. I hope it isn't a way to deflect those voicing security concerns from the  spotlight on these public forums. Those concerns need to remain public. But if it is to take security concerns seriously (PR blah blah...puppies and kittens) why did this vulnerability not get addressed months ago? That's a PR loss and corporate responsibility epic fail as I see it.

Message 65 of 234
RC0101-2
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thank you...It looks like I am affected.  However, I follow the steps to kill the vulnerbility but it doesn't seem to work. After I follow the steps I recheck and I am still getting "Linixu r8500..."

 

Any ideas? I have tried the router login and also my routers IP address....Maybe it's just time I move on from Netgear...

 

 

*edit - I believe I got it working. I get a page cannot be displated when testing.  Still my confidence in Netgear is at an all time low and am thinking I will go with a different company. 

 

Message 66 of 234
Millstone
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

the command "uname -a" outputs the current system build info

 

this won't be fixed properly until new firmware is released

 

I have already abandoned my R7000 due to other firmware flaws so i am no longer affected

Message 67 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


timetorebel wrote:

So you admit not a solution?


That's pretty obvious when you read the Security Advisory that post links to.

timetorebel wrote:

And I am not sure what to think about announcement of the dedicated security email.

That's the best way to make sure a report gets to the security advisory team ASAP.

timetorebel wrote:

I hope it isn't a way to deflect those voicing security concerns from the  spotlight on these public forums.

That's not the purpose at all. We value free and open discussion on our community.

In one of the other threads a user asked for a thread to be closed, but we've left it open.

Message 68 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw

The Security Advisory has been updated with more information and beta firmware for some affected models.

Message 69 of 234
zipcard
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I tested my D6400 and it is also vulnerable, your security notice only mentions the R6400 so please dont forget the DSL versions of the same routers too.

Message 70 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@zipcard wrote:

I tested my D6400 and it is also vulnerable, your security notice only mentions the R6400 so please dont forget the DSL versions of the same routers too.


 

Which firmware do you have on the D6400?

 

 

Message 71 of 234
RMinNJ
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Looks like they released beta firmware that fixes just this vulnerability.       

 

What is suggested...flash to beta or wait for a released version.?

 

I have not run beta firmware before.  Have people had good luck with beta?

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 72 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw

In general beta firmware can be hit or miss. Sometimes it is just fine, sometimes it introduces new problems. (I've seen that in beta tests of new hardware.)

 

Firmware rarely, if ever, kills a device so long as you let it complete the process. That's why some people advise against doing regular updates over wifi, which probably won't apply in this case.

 

Before you flash, you should retrieve and file away a copy of the current firmware. You can then flash back to that if you have problems.

 

It is often also advisable to reset your hardware to the factory settings after the firmware flash. That isn't always needed. (Perhaps someone can advise if the changes with these updates requires a reset.)

 

It is up to you to decide to use it. If you are seriously worried about this vulnerability, then do it. If not, hang on until a few other people have tried it.

Message 73 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw

It's up to you.

 

You can try the beta if you like or you can wait. In the unlikely event you have issues as a last resort you should be able to put the non-beta firmware back on and do a factory reset.

 

Beta firmware will have undergone some basic testing but not the full QA cycle.

Message 74 of 234
Unfiltered1
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I just flashed the new beta firmware and I'm obviously still connected to the internet.  So far I've not had any issues.  R7000 router.

Message 75 of 234
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7