- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Vulnerability Summary for CVE-2017-5521
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you purchase this router, flash it to open source firmware, or get the latest update from Netgear ASAP. Another security issue was found with several routers, but older firmware:
http://thehackernews.com/2017/01/Netgear-router-password-hacking.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below is the article that tackles the vulnerability.
Web GUI Password Recovery and Exposure Security Vulnerability
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below is the article that tackles the vulnerability.
Web GUI Password Recovery and Exposure Security Vulnerability
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Vulnerability Summary for CVE-2017-5521
If the firmware installation process describer in Netgear's knowledge base 000036749 is interrupted, then will the router be bricked, or is there a recovery procedure? If there is no recovery procedure, then do the update at a time where, if the procedure fails, you have time to get a new router before you need the internet for something critical. Also, is version 1.0.4.8 the latest version?
Mitre says that this is the latest known vulnerability. www.cve.mitre.org
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Vulnerability Summary for CVE-2017-5521
@jeffsilverman wrote:
Also, is version 1.0.4.8 the latest version?
What router do you have?
@jeffsilverman wrote:
If the firmware installation process describer in Netgear's knowledge base 000036749 is interrupted, then will the router be bricked, or is there a recovery procedure?
There are a couple things you can try, including reinstalling firmware with tftp. I haven't experienced this, so I don't know whe odds of success. If you needed to get a new router ASAP, you'd probably need to buy one.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Vulnerability Summary for CVE-2017-5521
I have an R6250
As it happens, I am a linux system administrator and I know exactly what a TFTP daemon is, and how to set one. How many people who buy netgear routers, or any other kind of router, know what TFTP is?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Vulnerability Summary for CVE-2017-5521
@jeffsilverman wrote:
I have an R6250
The support page for your router is here: https://www.netgear.com/support/product/R6250
You can check the current firmware, download manuals, etc. You can see that the current firmware is 1.0.4.8.
@jeffsilverman wrote:
As it happens, I am a linux system administrator and I know exactly what a TFTP daemon is, and how to set one. How many people who buy netgear routers, or any other kind of router, know what TFTP is?
FWIW I don't work for Netgear, I am just active in the community.
But I'm sure most router owners don't know what TFTP is. What's your point?
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more