Orbi WiFi 7 RBE973
Reply

Netgear routers: No automatic firmware security updates or user notification system

fnl
Aspirant
Aspirant

Netgear routers: No automatic firmware security updates or user notification system

I have the R7000 and recently, my mail wasn't synchronizing itself, because their server addresses no longer got properly resolved. After a long and ardourous "support-battle" with my professional mail provider, we managed to pin the problem down to my Netgear router. Turns out, the router's firmware was in need of updating, including a security update (!), after which DNS resolution and hence mail worked properly again.

 

I understand that I *could* look at my router setup every x months to make sure there might, maybe, under some circumstance, be an update around that I should (have! see next) install(ed). But I don't think that is user-friendly or scalable (I've got another router at my office, another router at my parents site, and another at my parents-in-law, each of which I maintain). Also, say, an urgent security update is released the day after I made my routine check - my networks would be unprotected for months, until I check again. So that's a clear: No, that suggestion is neither scalable, and its a security liablity. So if the router is not able to update the firmware by itself (I had expected that was happening by default, and am quite astonished its not possible to turn such functionality on for my router!), I would have expected that Netgear is able to provide some kind of email notification support for this.  Turns out, that isn't an option, either. As this is a security liability you buy-in with owning Netgear products, it certainly is a big red flag for my next router purchase.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 7

Accepted Solutions
fnl
Aspirant
Aspirant

Re: Netgear routers: No automatic firmware security updates or user notification system

WOOT! I just received an e-mail from Netgear that my Nighthawk routers need updating, due to some security vulnerability. I have absolutely no idea how I activated this mail service, but it certainly is exactly what I wanted. Problem solved!

View solution in original post

Message 7 of 7

All Replies
shamarin
Virtuoso

Re: Netgear routers: No automatic firmware security updates or user notification system

Netgear routers can update itself, but you need to enter to web GUI or use Netgear genie which checkes if new firmware is available and give you a notice to update, you just need to press button to make an update, in both cases router will automatically download new firmware and make a flash of new firmware. Other router muanufactures such as Asus, D-Link didn't have such ability. For those router manufactures you need to download new firmware youself and install it.

Message 2 of 7
fnl
Aspirant
Aspirant

Re: Netgear routers: No automatic firmware security updates or user notification system

Message 3 of 7
shamarin
Virtuoso

Re: Netgear routers: No automatic firmware security updates or user notification system

I use Netgear routers for more then 5 years and i can say to you that updating is very simple. Also i have an experience of using D-Link, Asus, TP-Link and Zyxel. Netgear updating is very simple and router give an notification when new firmware is available and also Zyxel have the same functionality with the exeption of only program (for Netgear it is Genie app) for Windows and Mac OS.

Message 4 of 7
fnl
Aspirant
Aspirant

Re: Netgear routers: No automatic firmware security updates or user notification system

Now, this NetgearGenie "solution" is even worse: Foremost, I need to maintain routers on several sites, so I'd have to connect to each one with that (or a different?) app over the net, opening an even larger security liability. Indeed, I'd need to enable admin access from the external interface (to the router). Even if only run on the internal interface side, I might consider that setup a security liability: Someone might have hacked my wife's/parent's/friend's computer and is evasdropping on my home network. Or an update might be happening while I'm traveling for a week, so I'd need external interface acces after all to use Genie (or some complex desktop sharing and VPN setup). Etc.

 

Second, I use Linux (and Mac). And no, I will not run Wine with components from an OS that is even less secure (as we've seen with quite firghtening news just this week again) to get an insecure web-polling mechanism going that augments my network's attack surface.

 

If you are cozy with your "setup", I'm happy for you. Am I being paranoid? Maybe. Is this possible? Certainly. Whatever, I prefer to not wake up to a bot farm/identity theft/money extortion scheme one day because I did not update my devices. However, "Hey, I've been using the Internet for 10 years now and had no problems; what's your stress?" isn't an answer to me - I've been using the Internet before we had HTTP and I certainly have seen someone with a last-mile connect coming out of China even getting onto one of my machines.

 

Overall: We live in 2017, security issues abound (Intel, Windows, OSX, Android, you name it... all a liability). So what is wrong with hardware and software manufacturers (like Netgear, apparently) that can't set up secure push notifications for updates and security-related issues for their clients? Even just a plain old mailing list I subscribe to would be enough.

 

[EDITS: fixing some spelling and text clarity issues]

 

Message 5 of 7
fnl
Aspirant
Aspirant

Re: Netgear routers: No automatic firmware security updates or user notification system

To further prove my point - just querying for "Netgear" on HackerNews lists a ton of very tough security flaws with their routers (NB that I am not querying for something like "netgear AND security," say). All of that I would miss patching if I don't get secure push notifications at all times.

Message 6 of 7
fnl
Aspirant
Aspirant

Re: Netgear routers: No automatic firmware security updates or user notification system

WOOT! I just received an e-mail from Netgear that my Nighthawk routers need updating, due to some security vulnerability. I have absolutely no idea how I activated this mail service, but it certainly is exactly what I wanted. Problem solved!
Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 6741 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7