Page 1 of 2 12 LastLast
  1.    09 Dec 2016 #1
    Join Date : Oct 2013
    Posts : 24,512
    64-bit Windows 10 Pro build 17017

    Netgear R7000, R6400, and R8000 routers vulnerable


    NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

    NETGEAR has tested the following products and confirmed that they are vulnerable:

    All products followed by an asterisk (*) have beta firmware fixes available—see below.

    • R6250*
    • R6400*
    • R6700*
    • R6900*
    • R7000*
    • R7100LG*
    • R7300DST*
    • R7900*
    • R8000*
    • D6220*
    • D6400*

    NETGEAR is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible.

    While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

    Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.

    To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


    NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.

    NETGEAR will continue to update this knowledge base article when we have more information.

    We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

    It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

    If you have any security concerns, you can reach us at security@netgear.com.


    Source: Security Advisory for VU 582384 | Answer | NETGEAR Support


    Read more:
    Last edited by Brink; 15 Dec 2016 at 12:05.
      My ComputersSystem Spec
  2.    12 Dec 2016 #2
    Join Date : Oct 2013
    Posts : 24,512
    64-bit Windows 10 Pro build 17017
    Thread Starter

    Updated to include Netgear R8000 routers.
      My ComputersSystem Spec
  3.    12 Dec 2016 #3
    Join Date : Sep 2014
    Sydney NSW Australia
    Posts : 291
    Windows 10 Pro 64bit 1703 (15063.502)

    Gee, that's wonderful isn't it? This unit should be better protected, it costs more than $20.00
    I don't use the default IP address for the router, I use one that is not a normal one, would I still
    be open to this attack?
      My ComputerSystem Spec
  4.    12 Dec 2016 #4
    Join Date : Oct 2013
    Posts : 24,512
    64-bit Windows 10 Pro build 17017
    Thread Starter

    At this point, I would consider yourself vulnerable no matter what for now.
      My ComputersSystem Spec
  5.    13 Dec 2016 #5
    Join Date : Jul 2016
    Posts : 3
    Windows 10 Pro

    I use my R7000 in bridge mode so I can have my printer in another room. The main router is an Asus AC68. Do you think the R7000 configured as a bridge is affected? Thanks
      My ComputerSystem Spec
  6.    13 Dec 2016 #6
    Join Date : May 2015
    Posts : 112

    I read the detailed report. My frustration, as a R7000 owner, is the lack of workaround while they hopefully work on a fix. There is nothing to say if downgrading the firmware will fix this. Netgear has older firmware versions on their support servers. If a simply downgrade would fix this until they fix it in another firmware patch I would be all over that. Replacing the router or simply not using it is not a simple solution. Unlike PCs, tablets etc. most people do not have multiple routers of this caliber by different vendors sitting around their house.
      My ComputerSystem Spec
  7.    14 Dec 2016 #7
    Join Date : Feb 2016
    Posts : 3
    Windows 10

    Netgear Routers


    Quote Originally Posted by MrBill View Post
    I read the detailed report. My frustration, as a R7000 owner, is the lack of workaround while they hopefully work on a fix. There is nothing to say if downgrading the firmware will fix this. Netgear has older firmware versions on their support servers. If a simply downgrade would fix this until they fix it in another firmware patch I would be all over that. Replacing the router or simply not using it is not a simple solution. Unlike PCs, tablets etc. most people do not have multiple routers of this caliber by different vendors sitting around their house.
    There is a temporary Beta fix available on the Netgear Site
      My ComputerSystem Spec
  8.    15 Dec 2016 #8
    Join Date : Sep 2014
    Sydney NSW Australia
    Posts : 291
    Windows 10 Pro 64bit 1703 (15063.502)

    Thanks for the update Codger, I am going to try it now.

    Ok, I just did the update and nothing bad has happened so, I guess it is fixed? maybe?
      My ComputerSystem Spec
  9.    15 Dec 2016 #9
    Join Date : Feb 2016
    Posts : 3
    Windows 10

    Netgear Routers


    Quote Originally Posted by Pendaws View Post
    Thanks for the update Codger, I am going to try it now.

    Ok, I just did the update and nothing bad has happened so, I guess it is fixed? maybe?
    It worked on my R6400. Glad it worked for you
      My ComputerSystem Spec
  10.    15 Dec 2016 #10
    Join Date : Feb 2016
    Phoenix, AZ
    Posts : 230
    Windows 10 Pro 1703 15063.413

    The Beta Firmware is also running on my 6400 - got my fingers crossed !
      My ComputersSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Netgear Nighthawk AC1900 Model R7000 Remote Management Problem
Hi, I bought this router because of favorable comments here and because of its VPN capability. But first I want to setup remote management and that's giving me a headache. I just updated the firmware and it says the level is...
Network and Sharing
Research shows antivirus products vulnerable to attack
Read more: Research shows antivirus products vulnerable to attack | ZDNet
Windows 10 News
Security Concerns of Consumer Routers / Some Commercial Routers
I am an IT guy, so security is constantly on my mind -- I would like feed back as well some input and opinions into this injustice done by major manufacturers. This is the fact that major manufacturers of Consumer Routers (Mostly) are building in...
User Accounts and Family Safety
Microsoft reveals Windows vulnerable to FREAK SSL flaw
Source
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:59.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums