Orbi WiFi 7 RBE973
Reply

Re: Two leading Netgear routers are vulnerable to a severe security flaw

netgearguy
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I've applied the update.

 

Is there any way to determine if you were hacked via this exploit? 


Telltale info in logs, etc? 

 

Thanks.  

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 126 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@netgearguy wrote:

Is there any way to determine if you were hacked via this exploit? 

 

 

Good question.

 

I have a bigger one.

 

Is there evidence that anyone has been hacked by this exploit? Or is it a theoretical one that Netgear has now nipped in the bud?

Message 127 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@Wolf_666 The DD-WRT (Kong's build) is also on my wishlist, gonna try that one during Christmas holiday when I have time.

Message 128 of 234
tivoboy
Guide

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Has anyone done this install WITHOUT having done a full reset of the router?  I just don't have time at the moment to do the whole jump through the hoops of resetting EVERYTHING..

 

I know it can be done in place, anyone have any experience doing it that way wit this build?

Message 129 of 234
RMinNJ
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Just installed it  by uploading it to the router...  Router rebooted and its at the new version.   I did not do any resets or anything else.

No problems I can see yet.

 

 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 130 of 234
3v3ntH0riz0n
Apprentice

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Gandolph wrote:

Netgear has had since August to address this issue and has done nothing.  Anyone still using stock firmware is being foolhardy, Netgear has shown themselves to be inept and uncaring about their exisitng customer base.  Here is the scoop from Toms Hardware;

 

http://www.tomshardware.com/news/netgear-critical-security-vulnerability-router,33173.html

 

Again, I recommend to all R7000 customers that they download and install the Asus-Wrt firmware referenced earlier in this thread.  


---Update2-- Here is the link to the script.  I have to say this might be a little above my pay grade, wondering if there is a deeper walk through on how to implement this script based on your network and vpn service:

https://github.com/RMerl/asuswrt-merlin/wiki/How-to-setup-SSID-for-VPN-and-SSID-for-Regular-ISP-usin....

 

---Update--- I just read the wiki on it and it appears you can assign a SSID for VPN and a SSID for non.  That is awesome.  I'm loading this bad boy, and it looks like they just released and updated version.

 

Hey Gandolph, I am probably going to do this, but I was wondering, as a NordVPN user, is it possible to enable NordVPN on the router, but only for a few devices?  I did a few searches, and it seems that you probably cannot do this if you enable vpn on the router itself, you would have to get two routers and deal with potential interferance. 

Message 131 of 234
Wolf_666
Luminary

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Installed without any factory reset (I did not ever do that) and working fine. My unit is working in AP mode.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 132 of 234
nananabatman
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Hi,

just tested on my R6250, and got prompted for the admin password. I guess this means that the R6250 is safe(?)

If I was already logged in in another tab, it would not prompt. Maybe that is why the R6250 is included in the advisory?

Message 133 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@RMinNJ wrote:

Just installed it  by uploading it to the router...  Router rebooted and its at the new version.   I did not do any resets or anything else.

No problems I can see yet.

 

 


Me too.

 

Reboot but no reset. All looks good.

 

D6400.

Message 134 of 234
JMNB
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I tried to follow the instructions but they are so arcane as to be useless unless you are a tech geek, and I am not. It really bothers me that Netgear assumes customers are familiar with technical IT terminology and processes. It would be helpful if, before releasing instructions, your support team finds a person who is NOT a tech geek and ask them if they understand the instructions.

As it stands, I am unable to complete the instructions to upgrade the firmware to fix the security issue. Since Netgear has offered a "fix" that is not understandable by the general public consumer, they will be liable for any lawsuits arising from security breaches. I know I will be first in line in the courts if it happens.

Message 135 of 234
IrvSp
Master

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@JMNB wrote:

I tried to follow the instructions but they are so arcane as to be useless unless you are a tech geek, and I am not. It really bothers me that Netgear assumes customers are familiar with technical IT terminology and processes. It would be helpful if, before releasing instructions, your support team finds a person who is NOT a tech geek and ask them if they understand the instructions.

As it stands, I am unable to complete the instructions to upgrade the firmware to fix the security issue. Since Netgear has offered a "fix" that is not understandable by the general public consumer, they will be liable for any lawsuits arising from security breaches. I know I will be first in line in the courts if it happens.


Those instructions I beleive worked for a lot of people. Why not POST what steps you tried and we'll try to steer you in the right direction. It is not hard.

 

First thing to try is to see the the Router will do the Update for you. Did you get to the Router page that had CHECK FOR UPDATE on it? If so did you use that button and what happened?

 

Next would be the D/L, it is a ZIP file. Is that what stumped you or did you get that down and unZip it? Then did you get to the router page where you can browse to find that .CHK file after you unZipped the file? Did that give you a problem.

 

Post what you did or what stumped you, we can help.

Message 136 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@JMNB wrote:

It would be helpful if, before releasing instructions, your support team finds a person who is NOT a tech geek and ask them if they understand the instructions.

 

I'm no geek, but I admit that it can take a bit of effort to work out what to do, but once done you will find that it is really easy.

 

You haven't told us where you get stuck, or what hardware you want to fix, so we'll have to start from the beginning.

 

The first thing to do is to consult the manual for your device. (Look for a section called Upgrade the Router/Modem Firmware.) Then check that the following steps, which should work for most hardware, apply to you.

 

  • Download the firmware for your device
  • Launch a web browser from a computer or wireless device (preferably a computer) that is connected to the network.
  • Type http://www.routerlogin.net or http://www.routerlogin.com.
    You should see a login screen.
  • Enter the user name and password.
    The user name is admin. The default password is password. (These are case-sensitive.)
    The BASIC Home screen displays.
  • Navigate to ADVANCED > Administration > Firmware Upgrade.
    You should see the Firmware Upgrade screen.
  • Click the Browse button.
  • Find and select the saved firmware on your computer.
  • Wait for the thing to reboot and away you go.

If you get stuck in the process, make a note of where, and any messages you see, and come back with some clues that people can use to guide you through the obstacles.

 

 

Message 137 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@IrvSp wrote:

First thing to try is to see the the Router will do the Update for you. Did you get to the Router page that had CHECK FOR UPDATE on it? If so did you use that button and what happened?

 

You won't usually see that option for beta firmware. That's what most of the upgrade are at this stage.

Message 138 of 234
IrvSp
Master

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@michaelkenward wrote:

@IrvSp wrote:

First thing to try is to see the the Router will do the Update for you. Did you get to the Router page that had CHECK FOR UPDATE on it? If so did you use that button and what happened?

 

You won't usually see that option for beta firmware. That's what most of the upgrade are at this stage.


R7000 Security 'fix' is no longer in Beta, it has been released. CHECK for update should pick it up (I was on the Beta so I don't know if older F/W should work, but it is supposed too).

Message 139 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@IrvSp wrote:

R7000 Security 'fix' is no longer in Beta..

 


 

This discussion has morphed into a wide discussion of all afflicted devices. Some of them still have beta firmware.

 

We don't know which device JMNB smokes.

 

The steps I describe work for beta and official firmware.

 

By all means check for the automatic update, but some of us prefer the manual approach, even for official releases.

 

 

Message 140 of 234
JMNB
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thank you all for your responses. Here's my specific complaints about the Netgear instructions for the security issue:

 

I clicked on the link for "instructions" that came in the email alerting me to the problem. The first bit of advice was to connect your computer to the router via ethernet cable instead of using a wireless connection. There is no mention of what to do if, like millions of users, your laptop has no ethernet port.

 

The first numbered bullet advises: "Write down all the settings which you changed from the default values since you may need to re-enter them manually." I have no idea what "default values" are so I went to the next step.

 

Step number three asks you to log-in to the router. It asks for a user name and password. Up to that point I had never been to the Netgear site and therefore had no user name or passwrod. One of you helpful told me what to use, but why isn't that info on the log-in page. Or more importantly, why doesn't Netgear just log you in since EVERYONE is "admin" and the password is "password"?

 

Finally, in the "important tips", it advises you that "The upgrade process is completed when the on-screen progress bar completes. If power light LED turns amber and blinking, POWER CYCLE THE ROUTER (caps added) to complete the upgrade." Power cycle the router? What does that even mean? How do you do it?

 

Perhaps Netgear should have Community members review their proposed "instructions" before they release them to the general public.

 

Thanks to all of you who responded so quickly.

Jon (JMNB)

Message 141 of 234
RSM52
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Some further confusion.  I received an e-mail from Netgear yesterday indicating that a fix was available for my router.  I had already installed the beta firmware as soon as that came out. So... I assumed that this e-mail was the permanent fix.  Imagine my surprise when I started to install the new firmware and I was told it was already installed.  So my question is has the beta firmware now become the permanent fix or should I install the new firmware over the beta firmware even though they have the same release numbers?

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 142 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@JMNB wrote:

I clicked on the link for "instructions" that came in the email alerting me to the problem. The first bit of advice was to connect your computer to the router via ethernet cable instead of using a wireless connection. There is no mention of what to do if, like millions of users, your laptop has no ethernet port.

 

Use the wifi to download a copy of the firmware to your PC. Then go through the update process and pray that nothing goes wrong. Many people happily upgrade using wifi.

 


@JMNB wrote:
The first numbered bullet advises: "Write down all the settings which you changed from the default values since you may need to re-enter them manually." I have no idea what "default values" are so I went to the next step.

 

If you haven't changed anything, you are on the default values, although you will have a saved username and password for your internet login. Keep a record of those details.

 

But many people don't bother with that process. Many firmware updates do not require a "factory reset" that will wipe out your settings. This one doesn't seem to need it.


@JMNB wrote:

Step number three asks you to log-in to the router. It asks for a user name and password. Up to that point I had never been to the Netgear site and therefore had no user name or passwrod. One of you helpful told me what to use, but why isn't that info on the log-in page.

 

 

When you login to the router you are going nowhere near the internet. That is a local address for your hardware so that you can get in there and configure things and apply the new firmware.

 


@JMNB wrote:
Or more importantly, why doesn't Netgear just log you in since EVERYONE is "admin" and the password is "password"?

 

 

See above. You aren't logging into Netgear.

 

Most people change the local password as a security measure so that their neighbours don't get in and wreak havoc.

 


@JMNB wrote:
Power cycle the router? What does that even mean? How do you do it?

 

Good question. It means turn the thing off and on at the mains or using the power switch on the back.

Message 143 of 234
JMNB
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

A big THANK YOU to michaelkenward (Master) who responded to my question and addressed each question clearly. If he worked for Netgear I probably wouldn't have had to post my complaint! Appreciate the help, man.

JMNB

Message 144 of 234
Unfiltered1
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I ran into the same situation RSM52.  I didn't receive an email but I had previously installed the beta release of the firmware and today I rummaged around the Netgear site till I found reference to an apparent new, non beta firmware version.  I downloaded it and during the update process was also notified that I already had the same version installed.  I went ahead and ran the newly downloaded version and everything is working so I guess it didn't break anything.  It shows the same version number as previous so I don't know if this is still the beta version or not.  Seems like Netgear would have changed one of the numbers if it was a new release out of beta.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 145 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Unfiltered1 wrote:

Seems like Netgear would have changed one of the numbers if it was a new release out of beta.

 


 

Indeed. Make that "Netgear should have changed one of the numbers...".

 

My guess is that they are rushing around like headless chicken trying to pick up the pieces.

 

Message 146 of 234
RSM52
Tutor

Re: Two leading Netgear routers are vulnerable to a severe security flaw

One would think they would.  Thanks for checking in on this.  It would be nice to hear from their moderators if indeed they are the same or not.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 147 of 234
IrvSp
Master

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Not 100% sure that they change release numbers from a Beta to an Official release? I don't recall it happening before other than to basically change content?

 

Since this was 'supposedly' a single fix (admittedly with a large jump in release number) I would have expected a fast path through Beta and QA testing. More than likely built the code on the last official release and just added the require code for the Security fix. I'll also assume the large jump in release version was due to the work that had been going on from the last Official release and internal builds with new fixes and additions. They will probably now merge the Security fix into the code just before this one and continue working towards a new Beta?

Message 148 of 234
Stealth57
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I'm running the R6900, which has a beta firmware listed (R6900-V1.0.1.14_1.0.14.chk); however, then I run the manual procedure from a Mac directly connected to the router via CAT5, the thermometer finishes but the spinning hourglass never does.  The reported firmware version never updates.  Anyone having this issue with the manual update not working?

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 149 of 234
RELamb
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Need some direction here -I downloaded the firmware update (R7000-v1.0.7.6_1.1.99.chk) due to email I received about the latest Netgear vulnerability and I've been in download mode for over 2 hours now (says it will only take about 2 minutes).  This download/update doesn't seem like it is/will happen so if I just closed my browser or logged off will that mess up my router and/or connections as I wonder if anything was actually installed since there was no reboot?  Please advise as to what options I really have left. Thank you.

Message 150 of 234
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7