Reply

Re: The last straw: new vulnerability for R7000 R6400 R8000

Wolf_666
Luminary

Re: The last straw: new vulnerability for R7000 R6400 R8000

Installed Beta on my R7000, running in AP mode behind a pfSense unit 😬

- Modem Draytek Vigor 160
- Router Netgear RAX200 (Stock FW)
- NAS Synology DS1621+
Message 26 of 29

Re: The last straw: new vulnerability for R7000 R6400 R8000

The problem is that Netgear has NOT acted responsibly in this matter. As others have stated, they sat on this vulnerability, and only when the details got released to the public did they decide to act on it. I'm not trying to imply that it is this easy, but they really only need to comment out the line in the code that responds to these HTTP requests. The real issue in my mind is that A) they reacted instead of being proactive. This is not a good trend from a company that sells products that are supposed to protect their customers networks. B) I would almost put money on the fact that we only get a patch/firmware that just fixes the most current problem. What about Article ID: 30632, the "Web GUI Password Recovery and Exposure Security Vulnerability" (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R8000-Firmware/m-p/1130926#M37981)??? Will this fix be included as well? They said they are going to fix it. Also, in other messages on this forum, a mod had said that they were working on an updated implementation of OpenVPN (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/When-R8000-firmware-with-IOS-support-for-Ope...) Will that be included as well?

 

I'm still out.

Message 27 of 29

Re: The last straw: new vulnerability for R7000 R6400 R8000

One additional note: I still support an ASUS RT-66U and a 68U for my parents and extended family. I bought into the R8000 because of the need to cover a lot of area without extenders and bought into its "performance", however. The 66U is over 3 years old and it STILL gets regular updates every few months with its latest update being from October. 

Message 28 of 29
ElaineM
NETGEAR Employee Retired

Re: The last straw: new vulnerability for R7000 R6400 R8000

Hi All,

 

The Security Advisory for VU 582384 has been updated.

Also, for more information see the link below.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Two-leading-Netgear-routers-are-vulnerable-t...

ElaineM
NETGEAR Community Team
Message 29 of 29
Top Contributors
Discussion stats
  • 28 replies
  • 9078 views
  • 39 kudos
  • 11 in conversation
Announcements

Orbi WiFi 6E