3v3ntH0riz0n
Dec 09, 2016 Apprentice
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
climb74
Dec 11, 2016 Guide
There are a number of security sites that garner a lot of attention as well... though a number of them already have this issue in their sights along with mainstream tech sites. ZDNet is just the tip of the proverbial iceberg. I find it odd that the only response from a Netgear representative on their own forum was to attempt to discredit CERT as a source. Calling Carnegie Mellon University's public vulnerability database (CERT) a "third party" is a bit of a stretch... I wonder what sort of agenda they think a reputable university and The Department of Homeland Security are trying to push... I sincerely doubt either "third party" have any vested interest in a Netgear competitor.
That said... I don't know how much weight our threats of going to the media will have anymore now that SlashDot, ComputerWorld, and Network World have gotten a hold of this story. This story has gotten legs, and if Netgear doesn't get ahead of this they are going to be in serious trouble. Personally I will give them two business days at most before I drop support for them entirely and search for a more secure router vendor. Many of us Security Architects work from home. The last thing we need are unsupported border devices with egregious security flaws. The least they should do is provide a workaround as of yesterday!
mdgm-ntgr
Dec 12, 2016 NETGEAR Employee Retired
The point I was trying to make was that the comment suggesting stopping using the devices was not made by NETGEAR and only that. I wanted to clarify that as a post suggested it was.
- mdgm-ntgr Dec 12, 2016 NETGEAR Employee Retired
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
- pjsand Dec 30, 2016 Aspirant
I just attempted to complete the security fix for VU 582384. Following the instructions after downloading the zip file. I then logged into the router. However, working through the ADVANCED TAB then the ADMINISTRATION I was not able to locate FIRMWARE UPGRADE. There was NO choice for FIRMWARE UPGRADE.
Has anyone else encountered this issue and if so how did you proceed to upload the security fix?
- michaelkenward Dec 30, 2016 Guru
pjsand wrote: Following the instructions after downloading the zip file.
Did you unzip the zip file?
You don't say which device you want to flash, but most of the firmware is now officially released. So you should be able to tell the modem/router to go get it without having to retrieve the file.
Sorry, I can't be more precise than that because I don't know what hardware you need to update.
Remember, not all Netgear devices are vulnerable to this security hole.
If you find the manual on the support site it will also have the instructions you need.
- Dougaloo Dec 22, 2016 Aspirant
So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?
To Netgear: the fact that you didn't prevent this vulnerability, compounded by your slow response, is unacceptable. This is not just a firmware hiccup. My entire network, including all of the devices that access it, and all of my passwords, may have been breached.
- michaelkenward Dec 22, 2016 Guru
Dougaloo wrote: So, after getting the (late) alert from Netgear, I immediately tried to log in to my router, but the site was blocked. After doing a hard reset at the router, I was able to get to the site, but only after bumping out "another user" who was logged in to the router. I'm thinking this was a bad actor who had access to my network. True?
You aren't the first person to think that logging into your router takes you to a Netgear site. There is no "site", nor is there another user. That was you.
When you log in to the router, you go to the local browser-based interface for your hardware. You can do that even if you are not connected to the Internet. Indeed, you have to get in there before you have an Internet connection so that you can set up your hardware to get connected.
So, you can be pretty sure that there is no "bad actor" wreaking havoc on your network. Just you logged in twice.
For all the flap about this nasty "back door" issue, I haven't seen any reports here of anyone exploiting this feature. Netgear rushed out fixes within a week or so of the news going public.
- NotHome Dec 20, 2016 Aspirant
I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix. (Hopefully) Security communications has got to be better than this!
- michaelkenward Dec 20, 2016 Guru
NotHome wrote: I own two of these units, and didn't hear anything about this until I read about it on Kim Komando, along with the link for the update fix.
Two of what units? The subject here is wrong and some reports turned out to be false alarms.
You must have missed out on, or failed to register for, the email updates that brought many people here. It has also been all over the interwebs, as you will see from the length, and age, of this discussion.