Reply

R8000 New firmware 1.0.3.36_1.1.25

rojen88
Guide

R8000 New firmware 1.0.3.36_1.1.25

New firmware (3.36) said for security fix. What security fix does this one apply?

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 1 of 19

Accepted Solutions
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

It fixes PSV-2016-0245 & PSV-2016-0254.

ElaineM
NETGEAR Community Team

View solution in original post

Message 8 of 19

All Replies
LeeH
Prodigy

Re: R8000 New firmware 1.0.3.36_1.1.25

You can look in the release notes.

 

http://kb.netgear.com/000037342

Message 2 of 19
LeeH
Prodigy

Re: R8000 New firmware 1.0.3.36_1.1.25

I took a look at the R7900 release notes and they state the security issues explicitly.  Not sure why the R8000 are so ambiguous.  The two routers are almost identical.

Message 3 of 19
rojen88
Guide

Re: R8000 New firmware 1.0.3.36_1.1.25

Yeah, one sentence, "fixed security issue"!  

Which security issue?

How serious?

Do I need to upgrade?

Will it brick my router? 

Lol Lol Lol..............

Message 4 of 19
schumaku
Guru

Re: R8000 New firmware 1.0.3.36_1.1.25

The confusion started with two subminor releases for the R8000 within a few days - most likely on the same security issue, probably not propelry fixed before - regardless of the 

 

R8000 Firmware Version 1.0.3.26

R8000 Firmware Version 1.0.3.36

Best guess (yes, I know ...) it's all about CVE-2016-6277, PSV-2016-0245 (formerly designated VU #582384..

 

Remains the question what PSV-2016-0068 is about ...

 

 

Message 5 of 19
rojen88
Guide

Re: R8000 New firmware 1.0.3.36_1.1.25

I see! 

But 1.0.3.26 already been replaced by 1.0.3.32 a while back. It seems to be a stable version.(or at least to me).

Message 6 of 19
schumaku
Guru

Re: R8000 New firmware 1.0.3.36_1.1.25

Well, as per Security Advisory for CVE-2016-6277, PSV-2016-0245 we _should_ be fine.

 

But now we have this Security Advisory for Insecure Timestamp Password Vulnerability, PSV-2016-0254 on the table - however, I fail to find any reference to a CVE-2017-5679. And the confusing entry from January 2017 on NETGEAR Product Security Advisory

 

Netgear at it's best...I am lost at this point. What a me**.

 

Can some Netgear Mods take care of this, and shed some light please? @ElaineM please....

Message 7 of 19
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

It fixes PSV-2016-0245 & PSV-2016-0254.

ElaineM
NETGEAR Community Team

View solution in original post

Message 8 of 19
schumaku
Guru

Re: R8000 New firmware 1.0.3.36_1.1.25


@ElaineM wrote:

It fixes PSV-2016-0245 & PSV-2016-0254.


Thank you @ElaineM. Conclude, both the R8000 1.0.3.36 Release Notes as well as the PSV-2016-254 KB entries require an update 8-)  

Message 9 of 19
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

Yes. I already forwarded it to the team.

ElaineM
NETGEAR Community Team
Message 10 of 19
rojen88
Guide

Re: R8000 New firmware 1.0.3.36_1.1.25

When you search for new firmware update the new version (1.0.3.36) did not show up so does that mean it is not that important? AND we should wait? Smiley Happy

 

Message 11 of 19
schumaku
Guru

Re: R8000 New firmware 1.0.3.36_1.1.25


@rojen88 wrote:

When you search for new firmware update the new version (1.0.3.36) did not show up so does that mean it is not that important? AND we should wait? Smiley Happy

 


Valid question - I don't know on how Netgear does schedule the love updates - @ElaineM?

Message 12 of 19
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

That seems to be a server issue. Let me ping the people responsible for that matter. 

ElaineM
NETGEAR Community Team
Message 13 of 19
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

Firmware is up now through the GUI. 

ElaineM
NETGEAR Community Team
Message 14 of 19
Chapzter
Tutor

Re: R8000 New firmware 1.0.3.36_1.1.25

What's confusing me is that the version number is lower than my existing one.  I am currently running 1.0.3.4 which is running stable.  The latest version is 1.0.3.36?  I though it was a mistake so I was afraid to replace it. This router out preforms any other router I have ever owned so I'm afraid to mess it up with a firmware update, especially if it's an older version.  I tried the nighthawk x10 and it was so miserable that I returned it in 48 hours.

Message 15 of 19
rojen88
Guide

Re: R8000 New firmware 1.0.3.36_1.1.25

No, this version is way higher than 1.0.3.4.   It is 4..5..7..8..10..15...21..30..32..33..34..35..36!  (Don't know why the version numbers jumped).

Accordingly 1.0.3.32.. fixed a SERIOUS security flaws. So not updating at your own risk!

But I totally understand what you meant.

Message 16 of 19
Chapzter
Tutor

Re: R8000 New firmware 1.0.3.36_1.1.25

Oh, I see. Thanks!! I think my brain put a "." between the 3 and the 6 so I saw 1.0.3.3.6. I will proceed with the update. I can always revert back if I encounter any issues. Thanks for setting me straight!
Message 17 of 19
dspiatkowski
Aspirant

Re: R8000 New firmware 1.0.3.36_1.1.25

...and the other MAJOR problem with this latest firmware release is that it completely brakes the Android version of the app...so as I came to find out last night, the mobile app doesn't even manage to LOG-IN to the router anymore...completely dead.

 

I left the app feedback on Google App page, but I have no idea who (if anyone) actually reads this.

 

Sooo...for me, it's time to roll-back the firmware upgrade and as you stated in your post: beware!!!

Message 18 of 19
ElaineM
NETGEAR Employee Retired

Re: R8000 New firmware 1.0.3.36_1.1.25

@dspiatkowski I suggest that you create another thread for that matter.

ElaineM
NETGEAR Community Team
Message 19 of 19
Top Contributors
Discussion stats
  • 18 replies
  • 6284 views
  • 8 kudos
  • 6 in conversation
Announcements

Orbi WiFi 6E