PHolder
May 25, 2017 Aspirant
Any plans for Samba fix for CVE-2017-7494 ?
I posted elsewhere about this, but CVE-2017-7494 NEEDs to be patched on any device still in operation, and I think that includes the older, technically out of support models that I have 6 of. Wit...
- May 30, 2017
Legacy Sparc, x86 and ARM firmware is now available:
RAIDiator-4.1.16 (Sparc)
Spooled
Jun 06, 2017 Aspirant
Does this effectively render the NV+ / Duo obsolete if CIFS (SMB) is required?
NFS & AFP are both not an option for me.
PHolder
Jun 06, 2017 Aspirant
Spooled wrote: Does this effectively render the NV+ / Duo obsolete if CIFS (SMB) is required?
NFS & AFP are both not an option for me.
I would argue that, yes, the lack of bringing these devices up to SMB2 or better effectively makes them obsolete. I have disabled SMB1 on all my Windows devices, as MS has recommended, and therefore they can no longer communicate with 5 of my 6 ReadyNAS devices, because only one of them is modern enough to be able to run OS 6. Those same devices also cannot support drives larger than 2TB and, to me, that also leaves them being obsoleted. Your mileage will vary, but my decision on these matters was to go with a different vendor for my NAS needs, where I have a 12 bay unit that gets weekly [security] updates and is able to run SMB 3.
I've done a little research about trying to get an alternate OS into the legacy NASes, but that currently doesn't seem very possible. I really wish, if Netgear no longer wishes to support these devices, they would open source the necessary components so that the FOSS community could take over and provide support.
- StephenB Jun 06, 2017 Guru
PHolder wrote:
I would argue, that yes, the lack of bringing these devices up to SMB2 or better effectively makes them obsolete.
I read the question as being "Has the CVE been addressed on legacy NAS like the NV+ and Duo?" The answer to that question is yes.
There are other questions one could ask:
Is it safe to run an NV+ or Duo v1?
In my opinion, yes. And I still do have both deployed as a backup NAS.
The way I read MS's recommendation: (a) install their security fix for SMB-1 on all your Windows systems (b) remove SMB1 if equipment on your network doesn't need it as an additional security precaution.
SMB-1 remains vulnerable to man-in-the-middle attacks, so I do agree that disabling it is a worthwhile precaution. But on a home network you should be ok as long as you don't allow SMB traffic (port 445) in through your home router - which is a bad idea anyway. FWIW, Wannacry didn't use a MITM attack.
Are the NV+ or Duo v1 competitive with newer NAS?
Clearly not. They are based on a 2006 hardware design, and were replaced about 6 years ago by newer ReadyNAS. They weren't competitive in 2011, and the performance gap has only grown.
- Spooled Jun 06, 2017 Aspirant
Competitive or not, I currently have several Duos that are inaccessible now, even after updating the FW to v 4.1.16.
Coming in to work and discovering that all of my Netgear NASes are permanently inaccessible was a pretty big shock. Refusing to enable SMB-2 so that I could transfer to a new device is also quite jarring.
I really liked my Duos - but now I am looking at other vendors.
- StephenB Jun 06, 2017 Guru
Spooled wrote:
Coming in to work and discovering that all of my Netgear NASes are permanently inaccessible was a pretty big shock.
Your IT department disabled SMB1 on your office PC?
Spooled wrote:
Refusing to enable SMB-2 so that I could transfer to a new device is also quite jarring.
It's not about enabling SMB2. They'd need to implement SMB2 on that NAS in the first place.
Is FTP available? That's another way to get the data off.