Discussion stats
  • 28 replies
  • 6764 views
  • 39 kudos
  • 11 in conversation
Announcements

Top Contributors
Reply
Highlighted

The last straw: new vulnerability for R7000 R6400 R8000

Well, this is pretty much the last straw for me. I knew it was only a matter of time considering all of the broken promises, the messages of "coming soon", and flat out abondonment of your products Netgear.

 

There is a new vulnerability out (shocking right?) that is affecting multiple routers and the way Netgear has handled the R8000 gives me less than zero confidence that they will keep their word, or do anything with this product anymore. In this landscape, everything is being attacked on a regular basis and Netgear has only proven that they will not keep up with the fast pace of security. 

 

I'm out.

 

https://www.reddit.com/r/netsec/comments/5hfkc2/netgear_r7000_and_r6400_routers_are_vulnerable_to/db...

Message 1 of 29

Accepted Solutions
Highlighted
NETGEAR Employee Retired

Re: The last straw: new vulnerability for R7000 R6400 R8000

Hi All,

 

The Security Advisory for VU 582384 has been updated.

Also, for more information see the link below.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Two-leading-Netgear-routers-are-vulnerable-t...

ElaineM
NETGEAR Community Team

View solution in original post

Message 29 of 29

All Replies
Highlighted
Guru

Re: The last straw: new vulnerability for R7000 R6400 R8000

http://routersecurity.org/bugs.php

 

I hope you find something less buggy.

 

Message 2 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

It's not about finding something less buggy. ALL code has bugs. It's about purchasing something from a company that is active in securing their product when vulnerabilities are discovered. Netgear has done nothing to bolster my confidence that they are willing to keep their products up to date. I would rather have a product with bugs and a company willing and actively fixing them than a company that hasn't released an update in 6 months.
Message 3 of 29
Highlighted
Guru

Re: The last straw: new vulnerability for R7000 R6400 R8000

What makes you think Netgear is not going to fix a bug as big as this one?

Message 4 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

Did you actually read anything I posted? They promised features coming to the R8000 that lower models already have. They have been saying, coming soon for over a year. There are open vulnerabilities they have yet to patch, and to quote myself, they have done nothing to bolster my confidence that they will patch it in a timely manner, hence the point of my whole post.
Message 5 of 29
Highlighted
Virtuoso
Virtuoso

Re: The last straw: new vulnerability for R7000 R6400 R8000

What about R6300 v1?

Message 6 of 29
Highlighted
Apprentice

Re: The last straw: new vulnerability for R7000 R6400 R8000

A Men brother.  Netgear seems to be EXTREMELY SLOW with releasing FW updates and addressing things.  Instead of pushing out new routers every month, lets fix/secure what you already have on the market!

 

Message 7 of 29
Highlighted
Tutor

Re: The last straw: new vulnerability for R7000 R6400 R8000

I thought you were "out" so can this thread be locked please?
Message 8 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

I'm "out" as in, I will no longer be purchasing Netgear products. If an admin deems that this communication is not within the guidelines of their community then they can exercise the right to lock it. Wow. Thought this community would be a lot more understanding as we are all in the same boat with the lack of support. Guess there's some bad apples in every bunch.
Message 9 of 29
Highlighted
Tutor

Re: The last straw: new vulnerability for R7000 R6400 R8000

I'm the bad apple?  I've been in online communties since before usenet in the mid 1980's.  What I don't understand is someone announing to the community is that they are done, but keep coming back for more.  You are done with Netgear.  We get it.  Move on.  Others here need solutions and are not in a position to quit yet.

Message 10 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

If the shoe fits...

 

I don't think your community experience is in anyway relevant. Either way, my hope is that others will see this post and actually have constructive conversation about the situation. Yes I'm done with Netgear meaning I will never buy one of their products, but I still have this 250 dollar piece of junk and I'm trying to figure out what to do with it. Being done also doesn't mean that I don't care about others in the community, finding more issues/solitions, or even hearing from a Netgear rep would be nice. Your original comment is not constructive or helpful in any way regardless of your experience. 

Message 11 of 29
Highlighted
Tutor

Re: The last straw: new vulnerability for R7000 R6400 R8000

Your done here so no one can see your posts. What did you type?
Message 12 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

For someone who wants the thread locked, you sure do post a lot.

Message 13 of 29
Highlighted
NETGEAR Employee Retired

Re: The last straw: new vulnerability for R7000 R6400 R8000

If you think a thread should be locked then you should PM a NETGEAR mod and the mod can consider the request.

 

Please stick to the topic.

Message 14 of 29
Highlighted
Guru

Re: The last straw: new vulnerability for R7000 R6400 R8000

Netgear has acknowledged the vulnerability.

http://kb.netgear.com/000036386/CVE-2016-582384

Message 15 of 29
Highlighted
Guide

Re: The last straw: new vulnerability for R7000 R6400 R8000

A reliable source:

 

https://www.kb.cert.org/vuls/id/582384

● Netgear R7000 (Root Router)
● TP-Link Archer C7 v2 (WDS Bridge)


Message 16 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000


@Captiva wrote:
I thought you were "out" so can this thread be locked please?

You are mindguarding the group against dissent here. That's a symptom of groupthink. Someone has voiced displeasure and said they are "out" so their opinion no longer counts even if they still own the product? People reading this need to know how customers feel about this issue. 

 

Another symptom of groupthink is illusion of invulnerability. How long has Netgear known of this issue? I've read Acew0rm notified them in August. If so that's quite the response lag. And apparently the canard about keeping remote management turned off isn't quite the panacea it seemed before this vulnerability hit. 

 

Maybe Netgear needs to buckle down and get less reactive and more proactive. 

Message 17 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000


@cetheridge30 wrote:
I'm "out" as in, I will no longer be purchasing Netgear products. If an admin deems that this communication is not within the guidelines of their community then they can exercise the right to lock it. Wow. Thought this community would be a lot more understanding as we are all in the same boat with the lack of support. Guess there's some bad apples in every bunch.

I am glad you voiced your opinion. Really thinking seriously about ditching home routers for a pfsense box with a separate AP within the network. I guess that makes me pariah here also.

Message 18 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000

I like the way you think. I have really looked at pfsense as well. A little embarrassed to say that I am a network admin by trade and rely on plastic boxes for my home network. I mean there is something to say for ease of use but I may just have to bite the bullet and go all in on a custom box.
Message 19 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000


@TheEther wrote:

What makes you think Netgear is not going to fix a bug as big as this one?


What's the timeline of their knowledge of this bug? Sources say since August. So they got on the ball when it became a matter of CYA instead of prudence or morality? I guess we can offset the stances of fiduciary responsibility versus externalities, especially those of potential victims of botnets. But shareholders ALWAYS win over stakeholders and society in general. That's bottom line.

Message 20 of 29
Highlighted
NETGEAR Employee Retired

Re: The last straw: new vulnerability for R7000 R6400 R8000


As our investigation continues we will provide further updates to our security advisory. Thank you for your patience.

Message 21 of 29
Highlighted

Re: The last straw: new vulnerability for R7000 R6400 R8000


@mdgm wrote:

As our investigation continues we will provide further updates to our security advisory. Thank you for your patience.


Shouldn't you be checking this response green as a solution?

Message 22 of 29
Highlighted
NETGEAR Employee Retired

Re: The last straw: new vulnerability for R7000 R6400 R8000

The Security Advisory has been updated with more information and beta firmware for some affected models.

Message 23 of 29
Highlighted
Aspirant

Re: The last straw: new vulnerability for R7000 R6400 R8000

Well...I'm in and not out.

 

NETGEAR:

  • Publicly acknowledged the issue.
  • Made the issue mission critical.
  • Provided a beta during the interim.

I'd say that's pretty darn good on NETGEAR's part!

 

Also, I am now contemplating the purchase of a R9000 or an Orbi setup as my R7000 has been stellar on all fronts. Yep, I'm in all the way. Happy Holidays to all!

Message 24 of 29
Highlighted
Apprentice

Re: The last straw: new vulnerability for R7000 R6400 R8000

"Acew0rm alerted Netgear to the problem on Aug. 25, but never heard back, the researcher told Fortune in a direct message on Twitter. So four months later, Acew0rm took the find public"

 

Made the issue "mission critical?"

If that was the case, we would have had a new FW in August/September....

Message 25 of 29