Reply

Nighthawk R7000 Recent Vulnerability Disclosure

Camitt
Follower

Nighthawk R7000 Recent Vulnerability Disclosure

There was a recent disclosure of a vulnerability affecting firmware 1.0.11.116 and before for the R7000 router. This disclosure was posted here: https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/

Apparently, Netgear responded that 1.0.11.116 isn't the latest version of the software yet according to the support and download pages the latest software version is in fact 1.0.11.116:
https://www.netgear.com/support/product/r7000.aspx#download

 

When can I expect a fix for this to be released so I can make sure it gets applied to my device?

Message 1 of 3
plemans
Guru

Re: Nighthawk R7000 Recent Vulnerability Disclosure

a couple things. 

1. the firmware that the response team got is the for r7000P. not sure if the miscommunication was on netgears side or the vulnerability team.

2. we're not netgears. This is the public support forum where members of the public are trying to help others out. We have no affiliation with netgear. You might message a moderator to see about specific details 

3. The r7000 has a strong 3rd party firmware crowd. might be worth seeing if one of those might be more suited towards you if you're wanting faster updates/more capabilities. 

Current Setup: CM2000-> SXK30-> GS716v2-> RAXE500->
Message 2 of 3
DarrenM
NETGEAR Moderator

Re: Nighthawk R7000 Recent Vulnerability Disclosure

Hello Camitt 

 

You will want to install the hotfix firmware

 

https://kb.netgear.com/000063684/R7000-Firmware-Version-1-0-11-123-Hot-Fix

 

DarrenM

Message 3 of 3
Discussion stats
  • 2 replies
  • 159 views
  • 0 kudos
  • 3 in conversation
Announcements