Security vulnerability found - How to report?

Nova20176
Luminary

Shocked at what happened to my home router last night. Hope someone can put me in contact with the right person at Netgear. Thx

Model: R7900P|Nighthawk X6S Smart WiFi Router with MU-MIMO
Message 1 of 11
microchip8
Master

Re: Security vulnerability found - How to report?

Can you explain a bit more about what happened?

 

You can report security bugs here: https://www.netgear.com/about/security/default.aspx

Routing: NETGEAR RAX43 - Firmware: V1.0.11.112 (1 Gbps down, 50 Mbps up)
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400, 20 TB
Message 2 of 11

Re: Security vulnerability found - How to report?


@microchip8 wrote:

Can you explain a bit more about what happened?

 


From that information, who knows? Could be yet another of those false positives from a writer of security software that does not know its arse from its elbow and scares the life out of people for no good reason. Or it could be the end of the world.

 

If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR custo...

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 3 of 11
Nova20176
Luminary

Re: Security vulnerability found - How to report?

Power outage and when the power came back, the wifi settings had changed - default SSID and no security. Custom admin PW remained intact.
Message 4 of 11

Re: Security vulnerability found - How to report?

That is not a security vulnerability as most people would recognise it. Did your router even manage to reconnect with its settings wiped?

 

A reboot certainly should not wipe all the settings. But power cuts are unpredictable and difficult to accommodate. Sometimes they are down to events that can kill a device stone dead.

 

I don't think you will get very far reporting this one. 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 5 of 11
Nova20176
Luminary

Re: Security vulnerability found - How to report?

When it came back on, anyone could connect to the network and access the wired devices. The wireless devices obviously can't reconnect. Pretty big f#@k&n problem!
Message 6 of 11
IrvSp
Master

Re: Security vulnerability found - How to report?


@Nova20176 wrote:
When it came back on, anyone could connect to the network and access the wired devices. The wireless devices obviously can't reconnect. Pretty big f#@k&n problem!

That sounds like your NVRAM got wiped out. Power surges and power drops can do some odd things.

 

I don't understand your comments though? Of course if the router reboots and comes up working the wired devices will work as if nothing happened (assume the router worked properly, and that excluded wireless operation). What I don't understand is 'who' is 'anyone'? I'll assume that wireless was unprotected, no p/w required? Probably consistent with the NVRAM being erased?

 

Security Vulnerabilities are different than a firmware problem (if this is even one). Those are for 'outside' attacks on the router.

Message 7 of 11
Nova20176
Luminary

Re: Security vulnerability found - How to report?

As above, "when the power came back, the wifi settings had changed - default SSID and no security."

Anyone within wifi range could jump on my network and have full access to the wired devices.

I was not using MAC filtering (I am now) at the time of this incident, so I don't know if those settings were lost along with the WiFi security settings. I started using the MAC filter as another layer, in hopes that it would block a passer by from being able to join my network if this happens again.
Message 8 of 11
IrvSp
Master

Re: Security vulnerability found - How to report?


@Nova20176 wrote:
As above, "when the power came back, the wifi settings had changed - default SSID and no security."

Anyone within wifi range could jump on my network and have full access to the wired devices.

I was not using MAC filtering (I am now) at the time of this incident, so I don't know if those settings were lost along with the WiFi security settings. I started using the MAC filter as another layer, in hopes that it would block a passer by from being able to join my network if this happens again.

Yes, that could happen. Under Access Control you could turn it on and block all NEW devices from connecting as well. If you should have someone visiting of course they couldn't connect either. Simply go to Access Control and ALLOW them to connect. Not sure what you meant by MAC filtering here? I'll assume you mean reserving an IP Address by MAC Address?

 

If you lose power often, I suggest you get a UPS to connect the router (and modem) to, those do not draw a lot of power and can last many hours depending on wattage rating. It would give you time to properly power them down after a power loss.

 

Message 9 of 11

Re: Security vulnerability found - How to report?


@Nova20176 wrote:

I was not using MAC filtering (I am now) at the time of this incident, so I don't know if those settings were lost along with the WiFi security settings.


If it lost one setting, wiping out the NVRAM, then the whole lot usually goes back to defaults.

 

It is rare to see reports here of "spontaneous resets". It has happened on some devices with some firmware. But it is not a universal issue.

 

Power cuts usually end up with a reboot. If your router reset itself that can mean that there is a firmware fault or that the power cut itself caused some sort of surge on the line that screwed up the device. For example, no one at Netgear is going to be able to write firmware that protects you from lightning strikes. (Lightning is just as likely to do damage through the telephone line as on the mains.)

 

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 10 of 11
IrvSp
Master

Re: Security vulnerability found - How to report?


@michaelkenward wrote:


If it lost one setting, wiping out the NVRAM, then the whole lot usually goes back to defaults.

 

Exactly, but then this part doesn't make sense, "Custom admin PW remained intact"?

 

I'm pretty sure I've seen reports of people not being able to login to the router after a reset, and it was because they changed the password and were not using the default.

 

As far as I know there is only one NVRAM in the router, not one for data and another for the login credentials?

 

That leaves only a few possibilities...

 

  • Physical damage from the power drop to the router (unlikely though).
  • Router was in the process of writing to the NVRAM when the power dropped (more likely).
  • Something else unknown caused NVRAM to be partially erased (I'm thinking a power surge)
  • There was more than one power drop, the original and another when it was coming up (I have seen this and the router might have been in the process of accessing the NVRAM, maybe even to write a log entry or the device attached list when that happened and data was wiped out).

Not knowing how NVRAM was implemented and accessed/controlled makes it hard to figure out.

Message 11 of 11