Orbi WiFi 7 RBE973
Reply

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Re: Two leading Netgear routers are vulnerable to a severe security flaw

The list has been updated to include more models, including the D6400.

 

Message 101 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@michaelkenward wrote:

@Gandolph wrote:

Netgear has had since August to address this issue and has done nothing.

How do you know that? It would be interesting to have evidence.


We've updated the solution to this thread with more information. I hope that clarifies it.

@michaelkenward wrote:

The list has been updated to include more models, including the D6400.

 


Yes. For the latest information it's best to view the advisory.

Message 102 of 234
climb74
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Michael,

  How do we know that Netgear received notice of the vulnerability 4 months prior to the public announcement by the person who found it?  We read the news.  I would expect that you would be keeping abreast of the news regarding this issue since you are moderating the forum on this issue...

Message 103 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@climb74 wrote:

Michael,

  How do we know that Netgear received notice of the vulnerability 4 months prior to the public announcement by the person who found it?

 

 

That is not what I asked.

 

Let's make it simpler.

 

How do you know that Netgear has done nothing about it?

 

 

 

 

 

Message 104 of 234
virtigex
Initiate

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Here's where the 4 month figure comes from:

 

Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."

 

https://mobile.slashdot.org/story/16/12/11/1832234/vulnerability-prompts-warning-stop-using-netgear-...

 

Message 105 of 234
Inolvidable_
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

If AceW0rm alerted Netgear about this very vulnerability in august (as you can see here: http://fortune.com/2016/12/12/netgear-router-models-critical-vulnerability/) and the vulnerability has remained, I can only picture two scenarios: - Netgear has done nothing - Netgear was working on it as a low priority issue I can understand every software has flaws, but given de magnitude of the issue there is no way to justify the lack of action in this particular case. There are multiple vulnerabilities hard to exploit so a low priority level is understandable, and then there is this. I am not in the "never Netgear again" camp. I think they made a mistake this time and I hope they learn from it.
Message 106 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@michaelkenward wrote:

@climb74 wrote:

Michael,

  How do we know that Netgear received notice of the vulnerability 4 months prior to the public announcement by the person who found it?

 

 

That is not what I asked.

 

Let's make it simpler.

 

How do you know that Netgear has done nothing about it?

 

 


 

From the "Solution" linked to the 1st msg in his thread ..

 

I quote:

 

**** UPDATE from NETGEAR - Added by ChristineT on 12/13/16 at 2:15 PM PST ****

 

NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page.  We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues.  When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner.

 

This vulnerability, which has come to be referred to as VU 582384 was overlooked in our review process. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, began our standard process of validating prior to making any public statements. Once it had been disclosed that the first notification occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.

 

After NETGEAR had actual knowledge of the security risk on Friday, our engineers began working quickly to address it. NETGEAR has now updated the Knowledge Base article related to the recently discovered Security Vulnerability #582384, which has been reported to affect at least three NETGEAR routers – R7000, R6400 and R8000. This vulnerability puts a network at risk by allowing for unauthenticated web pages to pass the command-line interface leaving open the potential for arbitrary command execution by remote attack.

 

Message 107 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Inolvidable_ wrote:
I am not in the "never Netgear again" camp. I think they made a mistake this time and I hope they learn from it.

 

I go along with that, especially as there are similar reports for other hardware makers, but I am also not in the camp that makes assumptions.

 

For example, your suggestion that:


@Inolvidable_ wrote:
Netgear has done nothing - Netgear was working on it as a low priority issue


may be true, but without evidence it is an assumption. There are many other possible scenarios. (The person who found the problem contacted the wrong people at Netgear, for example) That is why I asked for evidence that Netgear had done nothing.

 

Next thing you will be telling me that there is evidence that the Russians tried to influence with the US election.

 

 

 

 

Message 108 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Truthiness.... the quality of seeming or being felt to be true, even if not necessarily true.

Message 109 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@michaelkenward

 

Next thing you will be telling me that there is evidence that the Russians tried to influence with the US election.

😉

Message 110 of 234
Inolvidable_
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@michaelkenward wrote:

@Inolvidable_ wrote:
I am not in the "never Netgear again" camp. I think they made a mistake this time and I hope they learn from it.

 

I go along with that, especially as there are similar reports for other hardware makers, but I am also not in the camp that makes assumptions.

 

For example, your suggestion that:


@Inolvidable_ wrote:
Netgear has done nothing - Netgear was working on it as a low priority issue


may be true, but without evidence it is an assumption. There are many other possible scenarios. (The person who found the problem contacted the wrong people at Netgear, for example) That is why I asked for evidence that Netgear had done nothing.

 


 I think you have a point but you are not fair at the same time. We can go as deep as we want with the granularity of the expression "make assumptions". Experimental sciences "make assumptions" every day about cause-effect relations in absence of mathematical evidence. Even with mathematical evidence, Kurt Gödel proved in 1931 through his incompleteness theorems that complete and consistent set of axioms for all mathematic is impossible. In other words, there are mathematical expressions that can not be proved to be true.

 

In this particular case you have a point because there are other possible scenarios, but I think you are not fair because (in my view) the probability of this other scenarios are way way lower than the most probable one. Of course I am not backing this "probability" with mathematics but with common sense which is subjective, so yours is as good as mine. On the other hand it is not that easy to make a probability function of this particular matter and we can not totally trust on maths anyway, so we need to think of a way to reach a consensus.  I will accept that common sense is what the majority vote in a poll for example, so we can reach an agreement.

 

Ooor... we could just have payed attention to @alokeprasad who proves the whole thing. But Where is the fun in that? Smiley Very Happy 

Message 111 of 234
SeaSalt
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@Inolvidable_ I agree with your sentiment. There can be variables that, frankly, could all depend on perspective.

Either way, we can have a lovely discussion on what can be true or not so, but let's not stray too off-topic while we're at it 😄
Message 112 of 234
Unfiltered1
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Netgear has fessed up to Tom's Hardware:

 

"This vulnerability, which has come to be referred to as VU 582384 was overlooked in our review process. We initially became aware of this vulnerability last Friday, December 9th, when CERT emailed us, and because we had no record of a prior report, began our standard process of validating prior to making any public statements. Once it had been disclosed that the first notification occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process. "

 

http://www.tomshardware.com/news/netgear-responds-security-issue-routers,33199.html

Message 113 of 234
tivoboy
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I alwasy love updates that require resetting ALL settings before doing the update.  anyone have any tips for how to capture all the settings that are changed to make it easier to re-populate?

 

I have so many IP assignments, port forwarding, QOS, etc.. PIA for sure

Message 114 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@tivoboy wrote:

I alwasy love updates that require resetting ALL settings before doing the update.

 


 

Neat, isn't it?

 

Remember, these requirements are often "advisory".The "factory reset" thing depends on the severity of the changes that the firmware has inflicted on your hardware.

 

You can try other ways of doing it.

 

Here's my strategy, developed after beta testing various bits of kit:

  • save (backup) settings
  • flash firmware

If that works and you see no problems, great. If not, and something doesn't work, you may have to reset the device to the default settings:

 

  • save (backup) settings
  • flash firmware
  • set to factory settings
  • retrieve settings from backup

 

If that works and you see no problems, problem fixed! If not:

 

  • save (backup) settings
  • flash firmware
  • set to factory settings.
  • reconfigure everything

 

If that fails, then I fear that you may have to flash back to earlier firmware.

 

In this case, run the vulnerability test to check if the thing is fixed and if you need to go through the factory reset.

 

 

 

 

 

 

 

 

Message 115 of 234
ChrisNoonan
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

What a grand opportunity for Netgear right now!

 

They are responding and appear to be taking a sound and responsible approach .... these things always take longer than the least anxious person expects ...

 

And the grand opportunity is to ensure the community is well served .... and to ensure the issues don't impact business materially .... time to think about dropping warranty limits and forgetting service revenues to make sure the community is well served and the vulnerabilities are expunged ... even on models and products, such as range extenders, which are not yet proven to be affected ....

 

What a grand opportunity!

Message 116 of 234
alokeprasad
Mentor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Save (and restore) settings from the settings-backup file

 

Take pictures of the important screens (the old-fashioned way of backing up).

Message 117 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@ChrisNoonan wrote:

 

And the grand opportunity is to ensure the community is well served .... 


We have striven to keep the community up to date on our investigation.

@ChrisNoonan wrote:

 time to think about dropping warranty limits and forgetting service revenues to make sure the community is well served and the vulnerabilities are expunged ... even on models and products, such as range extenders, which are not yet proven to be affected ....

Hardware warranty applies to hardware, software warranty applies to software issues, but when it comes to security we have a process described on our NETGEAR Product Security Advisory page for reporting what you consider to be a security issue. When emailing us as per those instructions the warranty status of your device is irrelevant.

Message 118 of 234
ChrisNoonan
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Good to know the policy points ..... and a chance for all of us to think beyond the policy ...

Message 119 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw

For anyone who hasn't see it, there is new firmware for the D6400.

 

It installs just fine and seems to have slammed the backdoor.

 

I did not reset to factory defaults, but it appears to be working as expected.

 

 

 

Message 120 of 234
zipcard
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Yup new firmware for D6400 fixes it, thx for the quick fix.

Message 121 of 234
Wolf_666
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

No third party FW is faster than stock FW. Only if you are looking for additional feature 3rd party is the right way. I tested all 3rd party FW so far, no one excluded and I did not get any faster Wi-Fi speed.

Message 122 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Spoiler
No third party FW is faster than stock FW.

 

@Wolf_666 Oh, My 2.4G connection dramatically improved with XWRT

Message 123 of 234
Wolf_666
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@GinaGerson I am glad for you.

I had several Netgear Routers, I have been starting modding with 3rd FW since my WNRD3700 and I did not ever seen any real improvement (misured with some LAN tools) in speed, expecially 5Ghz. The reason is because most of those FW use outdated drivers that are not optimized for that specific model. The community mostly agrees that stock FW, in general, offers better speeds but drammatically lacks features that 3rd party FW offers. Personally I am a big fan of OpenWRT (not usable for R7000) and DD-WRT (Kong's build).

My final advise is to test, each home environment has specific needs and, could happen, that som 3rd party FW outperforms stock FW.

Message 124 of 234
Rlevinson
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I remain concerned about the security of my r8500 router. From what I can tell it is vulnerable to the VU#582384 (arbitrary command injection) vulnerability. But Netgear does not acknowledge the problem even though it lists other routers as being subject to the same vulnerability. 

 

After following the test provided in the Bas post ( http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ ) I determined that my Netgear r8500 router is subhnect to the CERT VU#582384 vulnerability. This is despite the fact that the Netgear page that lists what Netgear claims are the affected routers does not include the r8500. See http://kb.netgear.com/000036386/CVE-2016-582384. 

 

Moreover, there are posts on this Netgear Community site, apparently blessed by Netgear personnel, suggesting that this router is not subject to this vulnerability. See message from "Netgear Moderator mdgm" at http://community.netgear.com/t5/Nighthawk-WiFi-Routers/Is-R8500-affected-by-new-vulnerability/m-p/11.... Unless the Bas test is faulty (and there is no reason to believe so), this appears to be false. Does this "Netgear moderator" work for Netgear? If a Netgear representative has implied that the r8500 isn't affected by the vulnerability when actually it is (he/she said "I believe it isn't affected. It iisn't on the list ...") this could cause users that rely on this guidance to be harmed, because r8500 users that rely on the advice by the Netgear moderator could be victimized by hackers that exploit the vulnerability. 

 

I do not understand why Netgear has failed to acknowledge this issue (or to take steps to rectify it) on the r8500. Has Netgear tested this router for this vulnerability? Does Netgear dispute that the problem exists with the r8500? Does Netgear dispute the Bas methodology for exposing the vulnerability?  Thr fact that the CMU Vulnerability Notes Database does not list the r8500 (see https://www.kb.cert.org/vuls/id/582384) does not explain this. While it is hard to tell, it looks like the CMU group relied on Netgear's list of affected routers.

 

Most importantly -- When will there be a firmware upgrade to rectify this situation on the r8500 router? I spent more than $400 on this router, and am beginning to regret that decision.

 

Bob

Model: R8500|Nighthawk X8 Tri-Band AC5300 WiFi Router
Message 125 of 234
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7