× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

FURRYe38
Guru

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

Kinda hard to tell if this version of FW works or not unless we try. 

 

What are the full details on what is happening?

Message 26 of 33
wealth-secure
Aspirant

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

Hello Netgear Community,

 

I recently came across this Firmware Version 1.0.15.128 Hot Fix for the RAX40v2 router. While I appreciate the ongoing efforts to improve the router's performance and security, I have a couple of questions that I hope can be addressed:

1. Security Vulnerabilities Patched:

The release notes mention that the hotfix addresses security vulnerabilities but do not provide specific details. Could someone from Netgear or the community shed light on what vulnerabilities were addressed? Detailed information would be highly beneficial for users who prioritize security.

2. Auto-Update Issue:

I've noticed that this firmware version has not appeared in the auto-update feature of my router, even though it was released four months ago. Is there a reason for this delay? Are "Hot Fixes" not included in the standard update cycle, or is there another explanation?

Understanding these aspects would not only help me but also benefit the community at large. Looking forward to your responses.

 

Best regards,

Daniel

Message 27 of 33

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released


@wealth-secure wrote:

1. Security Vulnerabilities Patched:

The release notes mention that the hotfix addresses security vulnerabilities but do not provide specific details. Could someone from Netgear or the community shed light on what vulnerabilities were addressed? Detailed information would be highly beneficial for users who prioritize security.

This is not generally thought to be a good idea.

 

Telling you what was fixed leaves the door open for nasty people to exploit things that aren't covered in the update.

 

Users who prioritise security might like to consult the appropriate section:

 

NETGEAR Product Security | NETGEAR

 


2. Auto-Update Issue:

I've noticed that this firmware version has not appeared in the auto-update feature of my router, even though it was released four months ago. Is there a reason for this delay? Are "Hot Fixes" not included in the standard update cycle, or is there another explanation?

Hot fixes are not always, if ever, included in the automated update process.

 

This happened in phases, depending on the severity of the update. The first fighting of new firmware is often on the product support pages.

 

As it is, experienced users tend to avoid autoupdates. (They turn them off.) They can result in a dead (bricked) router when the process goes wrong, for example, if there is a power failure mid update.

 

True nerds like to download updates from the support pages and to manually update the firmware.

 

How do I manually upgrade firmware to my NETGEAR router? | Answer | NETGEAR Support

 

 

 

Message 28 of 33
wealth-secure
Aspirant

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released


@michaelkenward wrote:

@wealth-secure wrote:

1. Security Vulnerabilities Patched:

The release notes mention that the hotfix addresses security vulnerabilities but do not provide specific details. Could someone from Netgear or the community shed light on what vulnerabilities were addressed? Detailed information would be highly beneficial for users who prioritize security.

This is not generally thought to be a good idea.

 

Telling you what was fixed leaves the door open for nasty people to exploit things that aren't covered in the update.

 

Users who prioritise security might like to consult the appropriate section:

 

NETGEAR Product Security | NETGEAR

 


2. Auto-Update Issue:

I've noticed that this firmware version has not appeared in the auto-update feature of my router, even though it was released four months ago. Is there a reason for this delay? Are "Hot Fixes" not included in the standard update cycle, or is there another explanation?

Hot fixes are not always, if ever, included in the automated update process.

 

This happened in phases, depending on the severity of the update. The first fighting of new firmware is often on the product support pages.

 

As it is, experienced users tend to avoid autoupdates. (They turn them off.) They can result in a dead (bricked) router when the process goes wrong, for example, if there is a power failure mid update.

 

True nerds like to download updates from the support pages and to manually update the firmware.

 

How do I manually upgrade firmware to my NETGEAR router? | Answer | NETGEAR Support

 

 

 


 

Thank you for your reply. I have already manually updated the firmware before posting on this thread. My main point simply was, if there is an update with 'important security vulnerability fixes' and it is not disclosed what those are and it takes some high degree of technical skill to find this hotfix to mitigate the risk of this being exploited on my router, it is a bit of a double edged sword.

 

As anyone on this forum probably does update their routers like this, the majority of people have the default setting with auto update enabled and thus will never receive this hotfix and the impact of what that may have is impossible to assess if one does not know what vulnerabilities are patched in this hotfix. Well I do get the argumentation about power outages, that raises another point, why is this auto update setting on by default then? If this is the reason for not including hotfixes in auto updates, because of the small chance one router may die due to mid update power outages? Does Netgear find the risk of power outages bigger than the risk of 'security vulnerabilities being patched' being exploited on potentially the vast majority of their clientele who has not installed this hotfix? Impossible for me to tell if I don't know what the update actually does. Also, I don't think the argument holds up. When manually patching my router the power could also have a blackout. It is not necessarily something you can predict.

 

Just figured I'd bring this up.

 

With regards to the Netgear Product Security webpage you referenced, I did not necessarily find it useful. It is very generic and only offers the option to report a vulnerability and see what productrs are on their end of life cycle.

 

Cheers,

Daniel

Message 29 of 33
FURRYe38
Guru

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

NG doesn't put up some FW builds on there AU services. Some builds are major and some minor. Major version changes are more likely to be put up on there AU service and auto pushed. Minor ones NG doesn't put up on there AU service and are up to users to check on and at there discretion to manually update or not. Why NG provides FW build files for users to manually update there units when they decide too. Been too many historical issues of AU causing problems for users so NG lets users decide if they want to use that system or manually update. 

 

If users are overly concerned about updates happening and power outages, then there are UPS options that should be looked in to. Otherwise if power goes out during a update, the unit can be recovered back to working order should that ever happen. 🙄

Message 30 of 33
FURRYe38
Guru

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

Message 31 of 33
wealth-secure
Aspirant

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

Thanks; that is super thoughtful of you to share! Highly appreciated. 🙂

Message 32 of 33
FURRYe38
Guru

Re: New - RAX35/38/40/42/43/45/50/54 Firmware Version 1.0.15.128 - Hot Fix Released

👍

Message 33 of 33
Top Contributors
Discussion stats
  • 32 replies
  • 7558 views
  • 5 kudos
  • 9 in conversation
Announcements

Orbi 770 Series