Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

New Netgear Vulnerability

  • 14-12-2016 9:27pm
    #1
    ED E
    Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭


    "This works even when the routers don’t have their management interfaces exposed to the Internet."

    Models affected are:
    ● R6250, R6400 (AC1750), R6700, R7000 Nighthawk (AC1900, AC2300),
    ● R7100LG, R7300, R7500 Nighthawk X4 (AC2350), R7800 Nighthawk X4S(AC2600),
    ● R7900, R8000 Nighthawk (AC3200), R8500 Nighthawk X8 (AC5300), R9000,
    ● Nighthawk X10 (AD7200)

    And:
    On Tuesday, Netgear finally released beta patches for some models, but the company says the fixes have not been fully tested and “might not work for all users.” Compounding the issue is that Netgear customers have to install the firmware themselves; the company says it has no process in place to push an over-the-air update, and that customers will have to manually install it on their own. That is, whenever it’s officially available.

    Test:
    Users can check if their models are affected by accessing the following URL in a browser when connected to their local area network (LAN): http://[router_ip_address]/cgi-bin/;uname$IFS-a . If this shows any information other than a error or a blank page, the router is likely affected.


Comments

  • #2
    ItHurtsWhenIP
    Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    ED E wrote: »
    "This works even when the routers don’t have their management interfaces exposed to the Internet."

    image.jpg


  • #3
    swoofer
    Registered Users, Registered Users 2 Posts: 5,678 ✭✭✭swoofer


    what does this really mean to non techies?


  • #4
    ItHurtsWhenIP
    Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    swoofer wrote: »
    what does this really mean to non techies?

    If you have one of the affected routers, the evil doers can take complete control of it very easily and turn it into a bot to be used in a botnet.


  • #5
    catfax
    Registered Users, Registered Users 2 Posts: 51 ✭✭catfax


    Link to firmwares with fix for vulnerability, given the popularity of netgear hardware it would be wise to stay on top of firmware updates with those and turn on other security measures like mac address filtering, two factor authentication password recovery for admin login (not that they stop that particular bug but just some extra security in general).

    http://kb.netgear.com/000036386/CVE-2016-582384

    This site keeps tabs on router security issues
    http://routersecurity.org/bugs.php


Advertisement