3v3ntH0riz0n
Dec 09, 2016 (Apprentice)
NETGEAR Routers and CVE-2016-582384 security vulnerability
I am a bit concerned about this recent article: http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/ https://www.kb.cert.org/vuls/id/582384 Details: Overview Net...
- Dec 12, 2016
NETGEAR is aware of the security issue #582384 affecting R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400 routers. Stay updated here: http://kb.netgear.com/000036386/CVE-2016-582384
We now have beta firmware containing fixes for some affected models.
We're working hard on fixes for the other affected models and will update the security ticket above soon.
**** UPDATE from NETGEAR - Added by ChristineT on 12/15/16 at 10:30 AM PST ****
To our NETGEAR Community, we sincerely apologize for any complications you may have encountered due to the recently publicized vulnerability, referred to as VU 582384. We initially became aware of this vulnerability last Friday when CERT emailed us, and because we had no record of a prior report, we began our standard process of validation prior to making any public statements.
Once it had been disclosed that the first notification actually occurred in August, we conducted a search and confirmed this was the case. Admittedly, this was an oversight on our part. While no security reporting system is perfect, we aim to do better, and are evaluating how to improve our response process.
NETGEAR has created a channel for security researchers and other members of the public to contact us regarding potential security issues affecting NETGEAR products (security@netgear.com), which is publicly disclosed from the NETGEAR Product Security Advisory page. We receive numerous emails through this channel, the overwhelming majority of which, on review, do not raise product security issues. When we do recognize that there is a security risk to our customers, we work diligently to address it in a timely manner, as we have done in this case since learning about it last Friday.
Security Advisory for VU 582384 knowledgebase article.
NETGEAR Product Security Advisory page.
StaticFX
Dec 12, 2016 (Tutor)
Hi.. just saw this news on another site..
Thanks for the tips above, I have disabled the server as suggested. But I have a question:
If you go to the R7000 downloads, it's showing the official FW as
R7000 Firmware Version 1.0.1.22
http://kb.netgear.com/en_US/23857/
Is that a safe version? The date was 11/28/2016... seems like a much earlier version?
Gandolph
Dec 12, 2016 (Star)
Won't work with Merlin software installed, also the Asus-wrt/Merlin software is more reliable and faster. Not sure why anyone would continue to use Netgear's terrible firmware at this point.
If I had purchased the Arlo cameras hoping to use the R7000 as my base station I would cut my losses and run, at some point you have to quit throwing good money after bad.
- michaelkenward, Dec 17, 2016 (Guru)
RMinNJ wrote: Just installed it by uploading it to the router... Router rebooted and it's at the new version. I did not do any resets or anything else.
No problems I can see yet.
Me too.
Reboot but no reset. All looks good.
D6400.
- RMinNJ, Dec 17, 2016 (Luminary)
Just installed it by uploading it to the router... Router rebooted and it's at the new version. I did not do any resets or anything else.
No problems I can see yet.
- tivoboy, Dec 17, 2016 (Guide)
Has anyone done this install WITHOUT having done a full reset of the router? I just don't have time at the moment to do the whole jump through the hoops of resetting EVERYTHING..
I know it can be done in place, anyone have any experience doing it that way with this build?
- GinaGerson, Dec 16, 2016 (Star)
Wolf_666 The DD-WRT (Kong's build) is also on my wishlist, gonna try that one during Christmas holiday when I have time.
- Wolf_666, Dec 16, 2016 (Luminary)
GinaGerson I am glad for you.
I had several Netgear routers, and I have been modding with 3rd party FW since my WNRD3700, and I have never seen any real improvement (measured with some LAN tools) in speed, especially on 5 GHz. The reason is that most of those FW use outdated drivers that are not optimized for that specific model. The community mostly agrees that stock FW, in general, offers better speeds but dramatically lacks features that 3rd party FW offers. Personally I am a big fan of OpenWRT (not usable for R7000) and DD-WRT (Kong's build).
My final advice is to test; each home environment has specific needs, and it could happen that some 3rd party FW outperforms stock FW.
- GinaGerson, Dec 16, 2016 (Star)
Spoiler: No third party FW is faster than stock FW.
Wolf_666 Oh, my 2.4G connection dramatically improved with XWRT.
- Wolf_666, Dec 16, 2016 (Luminary)
No third party FW is faster than stock FW. Only if you are looking for additional features is 3rd party the right way. I tested all 3rd party FW so far, none excluded, and I did not get any faster Wi-Fi speed.
- RMinNJ, Dec 13, 2016 (Luminary)
I'm running V1.0.4.30_1.1.67 and the bug is there.
I find it interesting that the Merlin firmware can be faster even though it is not using the hardware acceleration.
- GinaGerson, Dec 12, 2016 (Star)
For now I've flashed other firmware. (XWRT)
Seems to work very well. On 2.4G i get way more download, went up from 45/15 to 88/15 ;)
5G stays same as it was 150/15 (but that's my max speed) so that's fine.
- 3v3ntH0riz0n, Dec 12, 2016 (Apprentice)
climb74 wrote: Gandolf, please supply more info regarding the asus-wrt/merlin firmware.
Here is a link to a discussion:
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-Using-Asuswrt-Merlin/td-p/1127372
Here is a link to asus-wrt:
- Gandolph, Dec 12, 2016 (Star)
StaticFX,
This is the link for the R7000 specific version of the firmware. I have been running this for a long time now with no problems. It makes me like my Netgear router again...
Asuswrt-Merlin on Netgear R7000
http://www.linksysinfo.org/index.php?threads/asuswrt-merlin-on-netgear-r7000.71108/
- 3v3ntH0riz0n, Dec 12, 2016 (Apprentice)
StaticFX wrote: Gandolph - I forgot about wrt etc... do you have the link handy?
http://www.dd-wrt.com/wiki/index.php/Main_Page
I may actually attempt this on my next day off. Looks to be more secure and still offers all I need in regards to management.
- climb74, Dec 12, 2016 (Guide)
Gandolf, please supply more info regarding the asus-wrt/merlin firmware.