Announcements

Top Contributors
Reply
Highlighted
NETGEAR Moderator

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

@mabiduk You may want to try and reflash the firmware using the TFTP method see if that will recover the unit. I linked the KB on how to do this. https://kb.netgear.com/000059633/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP-client

 

 

DarrenM

Message 126 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

So this is disabled by default for me. Which is good. However i tried to do the Firmware update from version 1.0.4.46 to 1.0.4.52 and the install seemed to freeze and was taking over an hour to update. I ended up pulling the plug and luckily the router was back at the old version. Is it supposed to take that long for the new firmware update??? It never took more than minutes to perform past updates.
Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 127 of 149
Highlighted
Guru

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@T2timmy wrote:
However i tried to do the Firmware update from version 1.0.4.46 to 1.0.4.52 and the install seemed to freeze and was taking over an hour to update

Whatever and however you tried - difficult to help. You should go for the R8000 Firmware Version 1.0.4.56 - Hot Fix - download the linked ZIP archive to your computer, unpack the archive, and upload the firmware using a Web browser accessing e..g http://routerlogin.net/ while connected to the router by local WIFi or LAN resp. using the local default gateway, for the R8000 this is by default http://192.168.1.1/  go to the Firmware Update section - if you don't know consult the fine documentation also referred in the KB link above - and select R8000-V1.0.4.56_10.1.71_BETA.chk - that's the firmware.  

Message 128 of 149
Highlighted

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Yes. R7000 and R7000P have both been referenced in this thread.
Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 129 of 149
Highlighted

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Hot Fix for R7000P is up!

Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 130 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Your email specifically mentioned my model number, yet the link takes me to a page that does not list an update for my EX3700.  )Please advise.

 

 

Model: EX3700|AC750 WiFi Range Extender Essentials Edition
Message 131 of 149
Highlighted
Guru

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@glinfoot wrote:

Your email specifically mentioned my model number, yet the link takes me to a page that does not list an update for my EX3700.  )Please advise.


You talk to the community here, not to Netgear so not our email. Best guess is that the email was generated because you have a product registered which is affected by vulnerability. Creating updates is a work-in-progress, the risk on extender products is much lower as these don't have an Internet exposed Web interface so these will get updates after all routers.

Message 132 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Received an email from yourselves about the security update about Remote Management. After 173 attempts to login to the device (farcical) I can fin NOWHERE that states ADVANCED, REMOTE MANAGEMENT or WEB MANAGEMENT. 

You tell me my model is affected, so how / where do I find this setting please? Access is via Chrome / Netgear Genie.

 

I am loathe to download 'beta' firmware, especially as clicking the link in 'check online' finds no automated firmware update.

 

So to recap:

1) Is the EX3700 affected?

2) If yes, where is ADVANCED / REMOTE MANAGEMENT

Model: EX3700|AC750 WiFi Range Extender Essentials Edition
Message 133 of 149
Highlighted
Tutor

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Thanks for that. I did contact Netgear themselves and they ran through these procedures with me several times. Eventually they said they are sending me a new router, which arrived yesterday. I did carry our the firmware update on that device and it is working perfectly fine.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 134 of 149
Highlighted
Tutor

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Hi, thanks for your suggestion,

 

Yes I reset it plenty of times.

 

Eventually I got talkign to tech support who talked me through the various processes they wanted me to carry out. After still not having any joy they said they will be exchanging my router for a new one, which arrived yesterday. I carried out a firmware update on that router and it is working perfectly fine.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 135 of 149
Highlighted
Tutor

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@Lorraineg57 wrote:
What happens when you attempt to connect?
Not sure if you are saying you unable to connect to the router through the web interface or that your computer doesn't find your network?

Hi and thank you for your comment,

 

The computer was connected via ethernet to the router and router acknowledged this by the relevant light on it. The computer could not log into the router itself and the router was shopwing as no internet.

Eventually I got talkign to tech support who talked me through the various processes they wanted me to carry out. After still not having any joy they said they will be exchanging my router for a new one, which arrived yesterday. I carried out a firmware update on that router and it is working perfectly fine.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 136 of 149
Highlighted
Tutor

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Hi and Thanks Darren,

Yes I reset it plenty of times.

Eventually I got talkign to tech support who talked me through the various processes they wanted me to carry out. After still not having any joy they said they will be exchanging my router for a new one, which arrived yesterday. I carried out a firmware update on that router and it is working perfectly fine.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 137 of 149
Highlighted
Tutor

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@Portwey84 wrote:

@mabiduk  I realise this might not be a popular position to take, but how is this Netgear's fault? I downloaded the firmware hotfix, applied it and it works perfectly. I'm not a Netgear fanboy by the way, I'm just trying to keep some perspective on this. You've not really provided much information on what you think has actually gone wrong during the firmware upgrade process. I'm not trying to sound condescending, I'm genuinely trying to understand why all of a sudden you seemingly can't log into your router anymore. Are you able to shed any light at all on how you carried out the firmware upgrade?

 

Besides, Netgear staff from what I've read, don't even look at this forum. It's a community forum, so complaints probably won't attract any attention anyway.


Thank you for your comment @Portwey84 ,

 

The router was working fine (minus the security issue identified) prior to downloading the hotfix, but not working at all after installing the hotfix. The computer could not log into the router using ethernet cable. The wifi would not turn on and it was showing as no internet connection (even though the internet was working).

 

I spoke to Tech Suport who got me to run a few procedures before informing me that they want to send me an exchanged router. The replacement router arrived yesterday, I downloaded an updae firmware on it and it is working fine.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 138 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Christine,

 

I, like many other NetGear router owners, am concerned about the latest Security Advisory and tried to follow the instructions for downloading and applying the Hot Fix provided by NetGear.

 

However, each time I tried to run the Hot Fix I received a .zip file:

 

R6250-V1.0.4.40_10.1.30_BETA.zip

 

containing these two files:

 

R6250-V1.0.4.40_10.1.30.chk

R6250-V1.0.4.40_10.1.30_Release_Notes.html

 

And when I click on the .chk file Windows launches its messages (my paraphrase here!), "This is a system file, so be careful" and "Which program should be used to run this file?". 

 

I'm running Firmware Version V1.0.4.38_10.1.30

 

How do I run the .chk file to apply the R6250 Firmware Version 1.0.4.40 - Hot Fix?

 

Note: I confirmed that Remote Management was turned off on my router, in compliance with the NetGear recommendation.

 

Thanks for your help.

 

Chuck

Model: R6250|Smart WiFi Router (AC1600)
Message 139 of 149
Highlighted
Aspirant

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

@mabiduk @ChristineT 

 

Maybe you can help me.

I noticed in your posting that you "downloaded the firmware Hot Fix, applied it and it works perfectly". I am unable to do that with the Hot Fix for my model (R6250); I receive a .zip file that contains two files, a .chk file (18.5 MB), and an .html file, which takes me back to the NetGear Security Notice. I don't know how to run a .chk file and, besides, I'm wondering if I shouldn't just ignore this Hot Fix (I confirmed that "Remote Management" is off on my router).

 

Any advice you can give about this issue I have with the cryptic Hot Fix download file will be appreciated!

Thanks.

Chuck

Model: R6250|Smart WiFi Router (AC1600)
Message 140 of 149
Highlighted
Sensei

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

> [...] I don't know how to run a .chk file [...]

 

   Here's a radical concept:

 

      https://en.wikipedia.org/wiki/RTFM

 

   Visit http://netgear.com/support , put in your model number, and look
for Documentation.  Get the User Manual.  Read.  Look for "firmware".
It's not that complicated.

 

      https://community.netgear.com/t5/x/x/m-p/1721037#M124018

Message 141 of 149
Highlighted

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ

@C2SubVet 

Are you able to get to this page?

 

Routerlogin.net

advanced tab>administration (left column)>router update

Once you are on this page: browse (beside locate and select upgrade)> select the chk file>upload>apply.

It will then install the hot fix.

 

 

netgear.PNG

 

Message 142 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Will the WNDR3400v3 be updated soon?   Or is this model at End of Life (EOL)?  Please advise the community.   Thank you for your help.

Model: WNDR3400v3|N600 Wireless Dual Band Router
Message 143 of 149
Highlighted
Sensei

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

> Will the WNDR3400v3 be updated soon? [...]

 

   "updated" from what?  When did you last check?

 

   Visit http://netgear.com/support , put in your model number, and look
for Downloads.  (For older versions, under Firmware and Software
Downloads, look for "View Previous Versions".)  Find the kit(s).
Download the kit(s) you want.  Read the "Release Notes" file for
instructions.

 

   When I do that, I see "Firmware Version 1.0.1.28 - Hot Fix".  What do
you see?

Message 144 of 149
Highlighted
Apprentice

Re: UPDATED 6/23/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@DarrenM wrote:

@Portwey84  Yes Netgear does monitor and participate in the community.

 

DarrenM

 

Thanks for clearing that up. In which case then I'd like to raise an issue concerning router security which perhaps you have the ability to pass on?

 

I've been proactively updating the firmware on my own R7000 AC1900, no less than 3 times now in the last month, so I'm now currently using Hot Fix v.104 Beta. I'd like to point out, I've not had any issues with any of the firmwares from v.64 (the firmware my router left the factory on) to date. The latest firmware update appears once again to be working without issue.

 

Today I decided to run Bitdefender Home Scanner on my system. Out of the 20 devices I have connected through my router, only two come back as 'At Risk'. One is my Humax Eye camera which I've been well aware of for quite some time and I probably shouldn't use it, but the Home Scanner reports it as 'Medium risk'. The other, yes, you've probably guessed, is the R7000 router itself which Bitdefender reports as potentially 'High Risk' and further reports:

 

HTTP uses insecure authentication procedure, HTTP accepts unencrypted (plain text) logins

 

It then goes on to report - What can happen:

 

Attackers might use this vulnerability to control the affected device and perform unauthorized actions. The device can subsequently be used to steal data such as credit card details that are sent or received by any device in your home network. Attackers might also render the device inoperable.

 

So with all of these 'Hot Fixes' that are being pushed out to fix security vulnerabilites, is this HTTP issue something that Netgear should be addressing? To me, it seems worthy of further investigation. Or perhaps I'm worrying over nothing?

 

I just find it odd that Bitdefender Home Scanner is giving a completely clean bill of health to 18 devices on my home network, but effectively 'fails' my Hot Fixed firmware router on HTTP vulnerabilities.

 

I look forward to your response.

 

 


 

Model: R7000|AC1900 Smart WIFI Router
Message 145 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

So I recently purchased the R8000 Nighthawk X6 AC3200 - On day one since my bandwidth from my provider is 300 Mbps down and 300 Mbps up - I did get almost the same speed on my devices which are on Wifi on the 5ghz channel and near the router,

 

However next day onwards this dropped to 175Mbps up and down although in the admin panel under Dynamic QoS the speed test shows 297.88 Mbps 308.79 Mbps 

 

So I opened a support ticket and I was asked to install the following update R8000 Firmware Version 1.0.4.56 - Hot Fix (https://kb.netgear.com/000061990/R8000-Firmware-Version-1-0-4-56-Hot-Fix)

 

My question is "Will this resolve the speed issue i am having on my devices?" as doing a beta firmware update means I need to do a factory reset and redo all the settings again... I have backed up the settings but its still feels like a pain to do if this doesnt resolve my speed issue.

 

Any help would be most appreciated.. Thank you Smiley Happy 

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 146 of 149
Highlighted
Guru

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ


@sprasad_it wrote:

Will this resolve the speed issue i am having on my devices?


The .58 Hotfix does clearly state "Fixes security issues." - the obvious point is an update of the daemon allowing shell access (using telnet) from the LAN and from remote (as shown in the security advisory). What else was changed since the also recently released .52 claiming "Fixes the low 5 GHz throughput ..." only Netgear (should) know.

 

In most updates, a factory reset is not required.

 

 

Message 147 of 149
Highlighted
NETGEAR Moderator

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

@NG100 

 

Here is a link to your routers hotfix https://kb.netgear.com/000062040/WNDR3400v3-Firmware-Version-1-0-1-28-Hot-Fix

 

DarrenM

Message 148 of 149
Highlighted
Aspirant

Re: UPDATED 6/26/20: Important Security Advisory Notification: Information on affected NETGEAR produ

Yo
Message 149 of 149