This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
You can test it yourself by using that url.
Login to your router, and find out the ip of it. Then replace the ip with that test url. If you get can't be found or access denied then you are good, if you get anything else, then it's vunerable.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Very difficult if not impossible for 99% of Netgear customers (Costco, Amazon, Wal-Mart, Target shoppers) to comprehend and implement. Vendor solution is needed.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
So what is the timeline to a patch? After spending over 200 bucks for a router I expect that the vendor is going to support their product. Fair warning, I will be very vocal about my dissatisfaction if I have to go out and buy a new router. Considering I have an extensive career in Information Security, my voice may carry some weight... The current lack of response is disconcerting to say the least considering that there is an exploit available in the wild.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Agree. Especially since there were a lot of discounts on this item since black friday and articles telling consumers its one of the best devices you could buy at the time.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
I would recommend twitter, to voice concern (netgearhelp I think it the tag). We could also post to review sites (amazon.com, newegg, and even netgears site). Use social media, like FB to post reviews or rank the item. This might get their attention. This bug has been known about since Friday, and Netgear has yet to respond. Unacceptable.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
There are a number of security sites that garner a lot of attention as well... though a number of them already have this issue in their sights along with mainstream tech sites. ZDNet is just the tip of the proverbial iceberg. I find it odd that the only response from a Netgear representative on their own forum was to attempt to discredit CERT as a source. Calling Carnegie Mellon University's public vulnerability database (CERT) a "third party" is a bit of a stretch... I wonder what sort of agenda they think a reputable university and The Department of Homeland Security are trying to push... I sincerely doubt either "third party" have any vested interest in a Netgear competitor.
That said... I don't know how much weight our threats of going to the media will have anymore now that SlashDot, ComputerWorld, and Network World have gotten a hold of this story. This story has gotten legs, and if Netgear doesn't get ahead of this they are going to be in serious trouble. Personally I will give them two business days at most before I drop support for them entirely and search for a more secure router vendor. Many of us Security Architects work from home. The last thing we need are unsupported border devices with egregious security flaws. The least they should do is provide a workaround as of yesterday!
Re: Two leading Netgear routers are vulnerable to a severe security flaw
According to https://mobile.slashdot.org/story/16/12/11/1832234/vulnerability-prompts-warning-stop-using-netgear-... 'Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."' Netgear needs to fix the vunerability and explain why it has not done so in the last four months.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
The point I was trying to make was that the comment suggesting stopping using the devices was not made by NETGEAR and only that. I wanted to clarify that as a post suggested it was.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address them in a timely manner, as we have done in this case since learning about it last Friday.
Re: Two leading Netgear routers are vulnerable to a severe security flaw
Wont work with Merlin software installed, also the Asus-wrt/Merlin software is more reliable and faster. Not sure why anyone would continue to use Netgear's terrible firmware at this point.
If I had purchased the Arlo cameras hoping to use the R7000 as my base station I would cut my losses and run, at some point you have to quit throwing good money after bad.
