SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Heads Up If You're Using One Of These 45 Netgear Devices
Heads Up If You're Using One Of These 45 Netgear Devices
Nullus Anxietas
ensigmatic
posted
TL;DR: If you don't know what you're about, tech-/networking-wise, probably best to replace anything that's one of the 45 NetGear devices listed in the The Register article below.

Yes, this is that bad.

If you are tech-savvy, and you know the web interface isn't accessible from the Internet, and you know your WiFi network is relatively secure: You probably needn't panic, but you should replace the unsupported equipment as soon as feasible, anyway.

"Live proof-of-concept code" means Bad Guys will have exploit scripts ready to go soon, if they don't already, and will be scanning the 'net looking for vulnerable devices. Make no mistake: They will find them.

quote:

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

Thu 30 Jul 2020 // 11:28 UTC

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.

The vuln was revealed publicly in June by Trend Micro's Zero Day Initiative (ZDI) following six months spent chivvying Netgear behind the scenes to take it seriously.

Keen-eyed Reg readers, however, noticed that Netgear quietly declared 45 of the affected products as "outside the security support period" – meaning those items won't be updated to protect them against the vuln.

America's Carnegie-Mellon University summarised the vuln in a note from its Software Engineering Institute: "Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges."

Full article: If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

Relevant NetGear Support Article: Security Advisory for Multiple Vulnerabilities on Some Routers, Mobile Routers, Modems, Gateways, and Extenders

CERT Vulnerability Note: Netgear httpd upgrade_check.cgi stack buffer overflow - Vulnerability Note VU#576779



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Nullus Anxietas
ensigmatic
posted
Bump for those who may have missed it, being as I posted it very late last night.



Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Thank you
Very little
HRK
posted
Thanks, checked mine, not on the hot list of out of service, version on mine shows updated to the latest driver/firmware revision



 
Posts: 23243 | Location: Florida | Registered: November 07, 2008
The One True IcePick
eyrich
posted
Stuff like this is why I encourage people to consider pfSense for their home firewalls. The initial price is higher but they are supported for much longer. You also have to buy an access point (or turn your old wireless router into one).

Netgate pfSense systems I purchased in 2013 are still receiving free patches.




 
Posts: 858 | Location: IL | Registered: September 08, 2004
Member
rtquig
posted
Thanks, checked mine not on the list.


Living the Dream
 
Posts: 4011 | Location: New Jersey | Registered: December 06, 2010
Drill Here, Drill Now
tatortodd
posted
Thanks! Mine is not on the list and double checked that I'm running the latest firmware.

I'm holding onto my wifi router in hopes real 5G (i.e. not the half-assed version being falsely advertised now) comes to my neighborhood.



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 23099 | Location: Northern Suburbs of Houston | Registered: November 14, 2005
Nullus Anxietas
ensigmatic
posted
The problem with pfsense and the like, eyrich, is they tend not to be particularly non-tech-user-friendly. And where do users go for tech support? Web forums? Have you seen what happens to annoyed non-tech-savvy end-users who go to such places for clueless newbie support? It often ain't pretty. Besides: Infinite updates only matter if people actually, you know, update--which, evidence indicates, few do.

I'd like to add: I still use a limited amount of NetGear ProSafe product, but only in cases where I can't find equivalent, or better, prosumer-or-better gear at roughly the same price/performance point. I'm not particularly enamored of NetGear.



Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Political Cynic
nhtagmember
posted
I have an AC1900 - not on the list
 
Posts: 53086 | Location: Tucson Arizona | Registered: January 16, 2002
Member
fpuhan
posted
quote:
Originally posted by eyrich:
Stuff like this is why I encourage people to consider pfSense for their home firewalls. The initial price is higher but they are supported for much longer. You also have to buy an access point (or turn your old wireless router into one).

Netgate pfSense systems I purchased in 2013 are still receiving free patches.


quote:
Originally posted by ensigmatic:
The problem with pfsense and the like, eyrich, is they tend not to be particularly non-tech-user-friendly. And where do users go for tech support? Web forums? Have you seen what happens to annoyed non-tech-savvy end-users who go to such places for clueless newbie support? It often ain't pretty. Besides: Infinite updates only matter if people actually, you know, update--which, evidence indicates, few do.

Amen to both. I inherited a Netgate pfsense at my office. Extremely feature-rich, but a very steep learning curve. I've been configuring Linux firewalls; some are a piece of cake, some are more complex, but if I had to do it all over again, I'd have no qualms getting pfsense.

Years ago, I had an old LinkSys WRT54G router. Then I came across an article titled, "How to turn your $60 router into a $600 router" using DD-WRT software. I followed the directions, and then for six or seven years, I had a great, secure router. When I moved, I had to use my new ISP's hardware. Mad

DD-WRT is still available. It's FREE. They have a database of supported routers, Netgear among them. So, you may not have to toss out your hardware just yet...




You can't truly call yourself "peaceful" unless you are capable of great violence. If you're not capable of great violence, you're not peaceful, you're harmless.

NRA Benefactor/Patriot Member
 
Posts: 2857 | Location: Peoples Republic of North Virginia | Registered: December 04, 2015
Member
bigdeal
posted
quote:
Originally posted by ensigmatic:
Bump for those who may have missed it, being as I posted it very late last night.

Question. My current router is a Netgear WNDR3700v2. Per the list of routers in your post, I see the WNDR3700v3 listed as one of the 45 affected routers. Does that mean my older v2 is unaffected? I don't wish to assume anything here.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
 
Posts: 33845 | Location: Orlando, FL | Registered: April 30, 2006
Member
konata88
posted
Can you tech savvy people help us non-tech savvy folks out? I need some translations into simple English. I have one of the routers on the list.

1. Internet comes in to house via cable. Connects to cable modem. I connect the router to the cable modem. All devices in the house connect to the router via hardwire or wifi. Does this help mitigate risk or not?

2. What happens if my router gets attacked? What can a hacker do?

3. What's a parity or better router company model? Recommendations for replacement router - sounds like this is not Netgear's first rodeo and they have a series of security issues. I usually buy routers at Costco. Currently they only have Netgear and another company (TP-Link Archer?). Should I just keep my router for a few more months until wifi 6e routers are available? Cross TP-Link off the list - PRC company. Dlink? Cisco/Linksys? Apple?




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 12683 | Location: In the gilded cage | Registered: December 09, 2007
Shit don't
mean shit
posted
Thanks for posting this. My 2 year old Netgear router is NOT on the list. I did need to update my firmware for it though.
 
Posts: 5734 | Location: 7400 feet in Conifer CO | Registered: November 14, 2006
Member
cparktd
posted
So just how old are these "outside the security support period" devices?



If it ain't woke... don't fix it.
 
Posts: 4118 | Location: Middle Tennessee | Registered: February 07, 2013
Member
konata88
posted
Bought mine in 2018




Posts: 12683 | Location: In the gilded cage | Registered: December 09, 2007
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by bigdeal:
Question. My current router is a Netgear WNDR3700v2. Per the list of routers in your post, I see the WNDR3700v3 listed as one of the 45 affected routers. Does that mean my older v2 is unaffected? I don't wish to assume anything here.

Wise not to assume. My suspicion, based upon an abundance of caution, would be that it would be affected, but the only way to know for sure would be to contact NetGear.

It might be the v2 uses a different architecture entirely and is indeed unaffected.

quote:
Originally posted by konata88:
Can you tech savvy people help us non-tech savvy folks out? I need some translations into simple English. I have one of the routers on the list.

1. Internet comes in to house via cable. Connects to cable modem. I connect the router to the cable modem. All devices in the house connect to the router via hardwire or wifi. Does this help mitigate risk or not?

It does NOT

quote:
Originally posted by konata88:
2. What happens if my router gets attacked? What can a hacker do?

Very little they could not do. I could go on for paragraph-upon-paragraph describing ways in which you and the rest of the Internet could be exploited by that happening. Here's two:

They redirect things to places of their choosing, which, in turn, gives your network answers to bogus sites that look real. You go to a site, enter your login credentials, they throw up a realistic error page suggesting you typed your password wrong or something, then refresh you, via a redirect, to the legitimate site. They now have your login credentials and you have no clue.

They install a 'bot (short for "robot") on your router, that listens to a command-and-control (C&C) node somewhere on the Internet. Somebody wants to hurt a business, financial, or government installation. Botnet operator sells or rents them the botnet that includes your router. Your router takes part in a DDoS (Distributed Denial of Service) attack. (Subsequently, your ISP notices or is apprised of what "you" are doing and shuts off your Internet connection.)

They turn off what (often) minimal firewalling protection your router gave you, giving them open access to your entire LAN and everything connected to it.

These are not "Chicken Little" scenarios. They happen. They happen a lot. You should see my daily log analyses of attack attempts from the 'net. And that's just summaries of things that could possibly be exploited. I don't even bother to look at attempts that cannot possibly succeed.

quote:
Originally posted by konata88:
3. What's a parity or better router company model?

That, too, could take paragraphs. And I'm not a good resource, cuz I tend to go with higher-end, more powerful hardware, that is not very user-friendly for non-tech-savvy types at all.

quote:
Originally posted by konata88:
... sounds like this is not Netgear's first rodeo and they have a series of security issues.

Nearly everybody has security issues from time-to-time. It's how they handle them that's important, here, and NetGear is abandoning their customers and hurting the Internet as a whole thereby.



Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
You'll Shoot Your Eye Out!
MaThGr82
posted
Thanks for posting this. I looked a little and one of the affected routers that a family member has is still being sold by Netgear on Amazon. Odd

https://www.amazon.com/NETGEAR...DR3400/dp/B0041LYY6K
 
Posts: 6302 | Location: Peoria, AZ | Registered: October 09, 2003
Member
posted
Well, I have the WNDR4500v2 router that's on the list. We're on a fiber optic network and don't have a modem. So, guessing I need to replace it, the question becomes with what?
 
Posts: 766 | Location: Southeast Tennessee | Registered: September 30, 2008
Member
posted
What about DSL modem/routers? Can I trust them to protect my network or do I need a router behind it?
 
Posts: 1397 | Registered: November 07, 2013
member
henryaz
posted
 
I really don't know if they can be trusted or not, but I always assume not. My VDSL modem/router device is neutered. It does only one thing, it is a modem. Routing, DHCP, Wi-fi, and DNS are offloaded to dedicated devices designed to perform those functions well.
 
I would use the same network design plan no matter what the ISP connection device is. All-in-one devices usually do one thing well, and the rest is added on for end-user convenience. "Wi-fi routers" become simply routers in my world. I don't buy them anyway, but if I had to use one, it would be neutered same as my VDSL modem.



When in doubt, mumble
 
Posts: 10778 | Location: South Congress AZ | Registered: May 27, 2006
Member
posted
quote:
Originally posted by fpuhan:

DD-WRT is still available. It's FREE. They have a database of supported routers, Netgear among them. So, you may not have to toss out your hardware just yet...


The router I had prior to current one was a Netgear. Was nothing but trouble, poor performance and security issues.

I replaced it with an Asus RT-AC3200 which immediately got flashed with Advanced Tomato firmware (basically a full-feature GUI overlaid on Tomato by Shibby). It hasn't been updated in two years, and this year botnets have started targeting Tomato-flashed devices.

The exploit is predicated on default credentials and remote administration being on. I have neither. When this one finally gives up the ghost, I'll be back on DD-WRT looking for a newer unit from their supported list.
 
Posts: 55 | Registered: July 13, 2020
© SIGforum 2024