NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Megarock
Mar 26, 2018Tutor
Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router
I have got this report from Avast and Bitdefender after scanning my network and i have the latest firmware for my router. Any ideas if Netgear is working on a firmware update f...
- Aug 13, 2018
For the subject CVE-2017-14491 plus a few more items to address should be 2.78 or higher. Check http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
JamesGL
Mar 27, 2018Master
Hi Megarock,
You can report it via proper channel.
JamesGL
Mar 30, 2018Master
Hi schumaku,
NETGEAR is working on any reported vulnerability issue.
Hi Megarock,
Please submit it here.
- MegarockMar 30, 2018Tutor
Sorry, i went to the link on that site you gave me and i could not figure out how and what to do with it.
- schumakuMar 30, 2018Guru
JamesGLwrote:NETGEAR is working on any reported vulnerability issue.
We expect Netgear does update Open Source packets on these product on a regaular base, and not wait unil vulnerability reports are in the public (dnsmasq was updated almost half a year ago to address this vulnerability!!!), or 3rd party applications complain about features soon no longer supported (see all the OpenVPN warnings, current OpenSSL and updating the certificates would have saved virtually hundreds pf posts). Proactively handling - not sleeping. It's simply ignorant and leave a very bad impression on the Netgear brand.
- JamesGLApr 03, 2018Master
- schumakuApr 03, 2018Guru
JamesGLwrote:You can click on submit report on the link below.
Can't be Netgear customers having to file well known and published vulnerabilities every reasonable commercial, (even free!) vulnerability test tools does complain (some for a longer time). Something is badly wrong in the way these products firmware is audited, regularly reviewed, and security updated.
- maryboroughmikApr 11, 2018Aspirant
JamesGL wrote:Hi Megarock,
You can click on submit report on the link below.
JamesGL I have a D6400 router and have the same vulnerabity message (CVE-2017-14491) from Avast. When I go to the link you directed my model doesn't even come up. I bought it less than 2 years ago and the warranty runs out later this year. Where do I go to find out how or if netgear have addressed this vulnerabity for my router?
- microchip8Apr 11, 2018Master
NETGEAR should get off this habit of using antique versions of their important toolchains and upgrade them to modern versions. dnsmasq version on NETGEAR routers is 2.39, which was released in 2007, which is 11 YEARS AGO, and widely known to have various (security) issues. wide-dhcpv6 is NO LONGER DEVELOPED FOR YEARS and is not up to current IPv6, sometimes not working at all with some configurations - I am living proof of that as I have Linux systems that don't work well with its dhcp6s server
But since this is NETGEAR and it does what it wants, and it took it YEARS to finally stop blocking ICMPv6 packets and this only on certain router models/firmware, I have very little hopes that any change will come. They're thick-headed-think-they-know-better while the competition is miles ahead (looks at ASUS)
A real, real SHAME. Because I happen to like NETGEAR hardware