Orbi WiFi 7 RBE973
Reply

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@RELamb wrote:

Need some direction here -I downloaded the firmware update (R7000-v1.0.7.6_1.1.99.chk) due to email I received about the latest Netgear vulnerability and I've been in download mode for over 2 hours now (says it will only take about 2 minutes).

 


 

This confuses me.

 

Do you mean you have the file you need somewhere on your PC or is it still trying to get the file?

 

Or do you mean that you have file and it is hanging when you try to upload it to the router?

 

It really should take next to no time to get the chk file.

 

The steps needed to flash the firmware appear in various messages above this one. For example:

 

 

There are more, but these should get you started.

 

 

Message 151 of 234
RELamb
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I do the have file, but it is hanging when trying to upload to the router.

Message 152 of 234
Stealth57
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I have the same sort of issue on the R6900 and closing the browser and logging in from another machine didn't affect anything as the update never actually starts the overwrite. I think it gets stuck after uploading the new firmware file and before it actually starts to overwrite files.

Message 153 of 234
RELamb
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thanks for the replies.  I went ahead and closed the browser while the (hanging) update was taking place and everything seems to be okay with the router.  The upload to the router must have never happened so I'll give it some time before attempting again (if ever).

Message 154 of 234
GinaGerson
Star

Re: Two leading Netgear routers are vulnerable to a severe security flaw

@RELamb Are you absolutly sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.

 

And did you unzip the file? Just asking 😉

Message 155 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@GinaGerson wrote:

@RELamb Are you absolutly sure you got the right firmware for YOUR router? Otherwise, try to download it again from Netgear, maybe the file is incomplete or damaged.

 

And did you unzip the file? Just asking 😉


 

Heed this advice. It is important.

 

You should get an error if you have the wrong firmware, but this patch is such a rush job that who knows what is going on?

 

If your new firmware is not a beta version, you could try telling your modem/router to find and install the update. Instructions are in the manual for whatever box you have.

 

 

 

Message 156 of 234
Stealth57
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

UPDATE: I tried the update from my Windows 7 laptop using WiFi and the process completed very quickly. I did NOT lose any of my custom settings for SSID or passwords.  I guess a Mac can't handle something in the transfer.

Message 157 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I was unable to follow the published instructions for updating the firmware on my R6250. But I did use the Netgear Genie to update the firmware. Much simpler. 

 

My question is: Does the Netgear Genie update to V1.0.4.6_10.1.12 contain the fixes needed?

Message 158 of 234
katedan19772001
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

I have the netgear R7800 Nighthawk X4S AC2600 and when I try the recommonded advise to see if my router might be affected with the bug. I get the number 0 on the screen. Not a blank page or an error. It makes me think mines is affected with this issue. I used the  http://[router-address]/cgi-bin/;uname$IFS-a . The router address being my router IP.  The only response from a moderator is it's not in affected devices list. 

Model # : R7800

Firmware: V1.0.2.12

OS: Windows 10 

Browser: Chrome

 

negear bug 12-1-9-2016.png

 

 

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 159 of 234
NotHome
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Smiley Frustrated  I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix. (Hopefully) Security communicatoions has got to be better than this! 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 160 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Hell there Boyce.

 

The only ones that will show up with the genie are "factory releases". Those still in beta won't be there.

 

If you look at the advisory:

 

Security Advisory for VU 582384, PSV-2016-0245 | Answer | NETGEAR Support

 

It says that "All products followed by three asterisks (***) have production firmware fixes available."

 

The R6250 is one of those.

 

For more details, put your model into the support system:

 

Support | NETGEAR

 

This will throw up the support pages for your device

 

 R6250 | Product | Support | NETGEAR

 

where you can click through to a page of firmware and software updates. That will list all the available releases in all their glory. That too shows that you are up to date. Christmas has come early for you.

 

 

Message 161 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@NotHome wrote:

Smiley Frustrated  I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix.


 

Two of what units? The subject here is wrong and some reports turned out to be false alarms.

 

You must have missed out on, or failed to register for, the email updates that brought many people here. It has also been all over the interwebs, as you will see from the length, and age, of this discussion.

 

Message 162 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Thanks. I'll try that and see if I get any further than by trying the instructions Netgear e-mailed  me.

 

And thank you also for wishing me hell. 🙂

Message 163 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

On second reading, it seems that you are telling me that the Genie found the requisite update and installed it. Is that right? Is the fix already in this "factory release"?

Message 164 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@BoyceRensberger wrote:

Is the fix already in this "factory release"?


 

Seems like it.

 

You are one of the lucky ones with a device that is no longer still in the labs demanding attention.

 

 

 

 

Message 165 of 234
mdgm-ntgr
NETGEAR Employee Retired

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@katedan19772001 wrote:

The only response from a moderator is it's not in affected devices list. 

Model # : R7800

 


You can continue to monitor our security advisory page for this vulnerability to see if there is any change as our review continues.

Message 166 of 234
BoyceRensberger
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

It's definitely in Netgear's list of affected devices. That's what Netgear told me in an e-mail. Also see this: http://kb.netgear.com/000036540/R6250-Firmware-Version-1-0-4-6?cid=wmt_netgear_organic

 

My question was not that. It was whether the update via Genie covered the problem.

Message 167 of 234
Dougaloo
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?

 

To Netgear: the fact that you didn't prevent this vulnerability, compounded by your slow response, is unacceptable. This is not just a firmware hiccup. My entire network, including all of the devices that access it, and all of my passwords, may have been breached.

Message 168 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Dougaloo wrote:

So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?

 

 

You aren't the first person to think that logging into your router takes you to a Netgear site. There is no "site", nor is there another user. That was you.

 

When you login to the router, you go to the local browser based interface for your hardware. You can do that even if you are not connected to the Internet. Indeed, you have to get in there before you have an Internet connection so that you can set up your hardware to get connected.

 

So, you can be pretty sure that there is no "bad actor" wreaking havoc on your network. Just you logged in twice.

 

For all the flap about this nasty "back door" issue, I haven't seen any reports here of anyone exploiting this feature. Netgear rushed out fixes within a week or so of the news going public.

 

Message 169 of 234
Dougaloo
Aspirant

Re: Two leading Netgear routers are vulnerable to a severe security flaw

Michael, thanks for your reply and clarification. Actually, I used the word "site" incorrectly. I know that when I try to log into my Netgear console, I'm not going to a site, but instead I am logging in through a local network browser.

 

Still, I was concerned when, after doing a reset at the router, when I tried to log in to the console, I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me. Another cause for concern was that I did have my Remote Management option checked prior to receiving the message from Netgear. I've now disabled that, as I don't really need remote access anymore.

 

As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.

 

Thanks to you and the Netgear community for your helpful support.

Message 170 of 234

Re: Two leading Netgear routers are vulnerable to a severe security flaw


@Dougaloo wrote:
I got a warning that someone else was logged in. I've done resets before and never have seen this message before, so that's what concerned me.


 

I've seen that "logged in elsewhere" message pretty often. But I have three PCs on my desk (don't ask) so I have more "opportunities" to get bitten.

 


@Dougaloo wrote:

As for Netgear rushing out fixes, c'mon, they knew since August! But I'm hoping you're right, and despite this vulnerability, that the breach wasn't exploited by hackers.

 


 

In theory, that's true. But if you read the subsequent (refreshingly honest) communications from Netgear it turns out that the company did not take those first reports seriously. That or the warning got stuck in the system.

 

It wasn't until the people who first alerted Netgear went public earlier this month – alerting hackers and potential evil doers to the possibilities – that Netgear finally got its act together. It then threw itself into fixing the issue. So it really was a rush job, but after a delay that never should have happened.

 

Message 171 of 234
loppnow
Aspirant

Re: Firmware 1.0.7.6

I downloaded and installed this new firmware release on my R7000 router.  It seems to have automatically changed my Wireless Network Name and Wireless Network Key.  Is that what is supposed to happen ?  

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 172 of 234
Kitsap
Master

Re: Firmware 1.0.7.6

I downloaded the zip file, unpacked the .chk file and manually accomplished the firmware update.

 

The firmware version I started with was V1.0.7.2_1.1.93 and after the update had 1.0.7.6_1.1.99.  This process did not change either my network name or network key on either the 2.4 Ghz or 5 Ghz band.

 

It may depend on what version of firmware you started with prior to the update.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 173 of 234
hggomes
Tutor

Re: Firmware 1.0.7.6

Message 174 of 234
IrvSp
Master

Re: Firmware 1.0.7.6

Perchance did you RESET the router AFTER you applied the new firmware? In that case, yes, it sets you back to the default state on all settings.

Message 175 of 234
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7