This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
It didn't seem to be addressed even in the most recent firmware release, v1.0.7.6_1.1.99, which fixed the vulnerability disclosed in Security Advisory VU 582384.
I'm not referring to VU 582384 resolved in firmware v1.0.7.6_1.1.99. I know this is a different issue.
I'm just wondering why an admin posts about an open issue seven days after it was supposedly fixed in firmware v1.0.5.70 firmware. This makes me believe the posted vulnerability was not fixed yet.
And what about those of us with the dubious honor of owning E.O.L. (aka, officially abandoned) Netgear devices such as the 1st rev. NightHawk R7500 (EOLed 12 months after inital release) --- So what of us? Are we collectively shoe-horned under the KB30632 (C.Y.A.) section jargon: "If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remediate the vulnerability" --- and once again Netgear's customer abandonment leaves us never really knowing if our devices were or were not, vulnerable? Because Netgear prefers not to "talk publicly" about matters they deem to be potentially embarrassing...
It's getting harder and harder to justify continuance at being a Netgear customer...
That's not on the list at all, and isn't in the NIST CVE record either. Are you sure it's affected by this particular vulnerability?
Precisely my point - it's on neither list, good or bad. Netgear once again chooses to leave owners of their EOLed devices in the limbo of being unknowingly adrift ... and thereby potentially perpetuating the very problems they claim to be guarding the “Wide Net” against.
That's not on the list at all, and isn't in the NIST CVE record either. Are you sure it's affected by this particular vulnerability?
Precisely my point - it's on neither list, good or bad. Netgear once again chooses to leave owners of their EOLed devices in the limbo...
The only device on the good list is theV6510. It would be reassuring if that list was more extensive. There are two bad lists - one with fixes, one without fixes. There are EOL routers included (the WNDR4000 being one). So Netgear hasn't ignored that category.
That's not on the list at all, and isn't in the NIST CVE record either. Are you sure it's affected by this particular vulnerability?
Precisely my point - it's on neither list, good or bad. Netgear once again chooses to leave owners of their EOLed devices in the limbo...
The only device on the good list is theV6510. It would be reassuring if that list was more extensive. There are two bad lists - one with fixes, one without fixes. There are EOL routers included (the WNDR4000 being one). So Netgear hasn't ignored that category.
@StephenB wrote: Netgear needs to sync their lists then.
Agreed - And when taken in light of the fact that for customers such as myself, with the knowledge that this version is one that Netgear would like to disavow having ever been "suckered" into producing (due to its inclusion of certain "Quantenna components"), well - let's just say that their support actions for it (meager as they've been) are all rather suspect ...
To further characterize and more precisely typify my meaning on all this, the R7500 (at its initial release) was touted by Netgear marketing as having full MU-MIMO capability to be later implemented via a soon-to-be-forthcoming automatic-delevered FW update. That marketing promise was never fulfilled on the earlier (v1) devices – it only happened on the v2 devices… So - How can this in way be construed as being anything other than an outright, bald-faced lie coupled with an exemplary case of both product & customer abandonment on the part of Netgear?
