Orbi WiFi 7 RBE973
Reply

Vulnerability Summary for CVE-2017-5521

3v3ntH0riz0n
Apprentice

Vulnerability Summary for CVE-2017-5521

If you purchase this router, flash it to open source firmware, or get the latest update from Netgear ASAP.  Another security issue was found with several routers, but older firmware:

 

http://thehackernews.com/2017/01/Netgear-router-password-hacking.html

 

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521

Model: R6700|Nighthawk AC1750 Smart WiFi Router
Message 1 of 6

Accepted Solutions
ElaineM
NETGEAR Employee Retired

Re: Vulnerability Summary for CVE-2017-5521

Message 2 of 6

All Replies
ElaineM
NETGEAR Employee Retired

Re: Vulnerability Summary for CVE-2017-5521

Below is the article that tackles the vulnerability.

 

Web GUI Password Recovery and Exposure Security Vulnerability

Message 2 of 6
jeffsilverman
Aspirant

Re: Vulnerability Summary for CVE-2017-5521

If the firmware installation process describer in Netgear's knowledge base 000036749 is interrupted, then will the router be bricked, or is there a recovery procedure?  If there is no recovery procedure, then do the update at a time where, if the procedure fails, you have time to get a new router before you need the internet for something critical.  Also, is version 1.0.4.8 the latest version?

 

Mitre says that this is the latest known vulnerability.  www.cve.mitre.org

 

 

Message 3 of 6
StephenB
Guru

Re: Vulnerability Summary for CVE-2017-5521


@jeffsilverman wrote:

Also, is version 1.0.4.8 the latest version?

  


What router do you have?

 


@jeffsilverman wrote:

If the firmware installation process describer in Netgear's knowledge base 000036749 is interrupted, then will the router be bricked, or is there a recovery procedure?  

 


There are a couple things you can try, including reinstalling firmware with tftp.  I haven't experienced this, so I don't know whe odds of success.  If you needed to get a new router ASAP, you'd probably need to buy one.

 

 

Message 4 of 6
jeffsilverman
Aspirant

Re: Vulnerability Summary for CVE-2017-5521

I have an R6250

 

As it happens, I am a linux system administrator and I know exactly what a TFTP daemon is, and how to set one.  How many people who buy netgear routers, or any other kind of router, know what TFTP is?

 

 

 

 

Message 5 of 6
StephenB
Guru

Re: Vulnerability Summary for CVE-2017-5521


@jeffsilverman wrote:

I have an R6250

 


The support page for your router is here: https://www.netgear.com/support/product/R6250

 

You can check the current firmware, download manuals, etc. You can see that the current firmware is 1.0.4.8.


@jeffsilverman wrote:

As it happens, I am a linux system administrator and I know exactly what a TFTP daemon is, and how to set one.  How many people who buy netgear routers, or any other kind of router, know what TFTP is?

 


FWIW I don't work for Netgear, I am just active in the community.  

 

But I'm sure most router owners don't know what TFTP is. What's your point?  

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 4847 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7