Some Netgear routers vulnerable to hackers R7000 R6400 R8000

[Homer J Simpson]

http://laptops.reviewed.com/news/own-one-of-these-routers-it-may-be-vulnerable-to-hackers?utm_source=usat&utm_medium=referral&utm_campaign=collab

Netgear Statement;

http://kb.netgear.com/000036386/CVE-2016-582384

[Ampera]

At least it's a router buggering up instead of an IoT device.

It's all the computerized garbage that gets screwed over. It used to be your printer was attached to your LPT port and you used it, not you have to install an update every month to fix it, if your lucky enough to still have updates for the thing.

This is why we can't have nice things...

[PlainName]

Not a surprised for Netgear - they do great 'dumb' things (hubs, etc) but when it comes to adding smarts... Although this bit is a surprise (from their statement):

"Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR."

They have form for screwing up, perhaps most famously for DDOSing the Univeristy of Wisconsin:

http://pages.cs.wisc.edu/~plonka/netgear-sntp/

[Homer J Simpson]

NetGear Vulnerability Expanded

https://kalypto.org/research/netgear-vulnerability-expanded/


    NetGear AC1750-Smart WiFi Router (Model R6400)
    NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)
    NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
    NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
    NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
    NetGear AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
    NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
    NetGear AD7200-Nighthawk X10 Smart WiFi Router (R9000)

[Monkeh]

The affected list should be pre-emptively amended to include every model of garbage router they make - safer that way, and likely to be accurate..

[Ampera]

NetGear Vulnerability Expanded

https://kalypto.org/research/netgear-vulnerability-expanded/


    NetGear AC1750-Smart WiFi Router (Model R6400)
    NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)
    NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
    NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
    NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
    NetGear AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
    NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
    NetGear AD7200-Nighthawk X10 Smart WiFi Router (R9000)

NETGEAR is now on my list of, never buy from, along with Sony, Apple, and more.

[DimitriP]

I can't get my R7800 to behave the way the article describes ...I guess mine is "broken".

[KE5FX]

I don't understand how this would be exploited externally.  Going by what's on the kalypto.org page, the exploit is triggered by accessing the internal NAT address of the router, e.g. http://192.168.xxx.xxx/cgi-bin/;telnetd$IFS-p$IFS’56789? .  I guess the concern is that a malicious page might issue a redirect to an address like that?

[Ampera]

I don't understand how this would be exploited externally.  Going by what's on the kalypto.org page, the exploit is triggered by accessing the internal NAT address of the router, e.g. http://192.168.xxx.xxx/cgi-bin/;telnetd$IFS-p$IFS’56789? .  I guess the concern is that a malicious page might issue a redirect to an address like that?

Netgear says any old webpage you go to can execute arbitrary commands on the router's (I'd assume bash) interface. This is bad as this may be able to allow external traffic normally not allowed to access the network to just waltz right in. Sky's the limit with this one.

[stj]

routers, like phones, are things you should replace the badly written / spyware infested firmware on as soon as you take them out of the box!
 

[djos]

NetGear Vulnerability Expanded

https://kalypto.org/research/netgear-vulnerability-expanded/



    NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)

Makes me glad my R7000 is running the Xwrt-Vortex Firmware.

(the NetGear Genie FW is a horrid mess, even the smallest change usually results in a reboot - I'd never buy another of their routers again!)

[Ampera]

The only really good routers are PFSense boxes. Everything else is a monetary compromise, it's only a matter of how much of one.

[R005T3r]

Okay,

I've followed the instructions in the link provided above by the letter, using a linux shell and a specifically installed browser. First of all, the browser say "404 file not found" and second using the telnet command the shell says "Connection Refused" This mean, my router even if it's listed above, it's not vulnerable to this.

So, before installing the beta firmware, check if your router is actually vulnerable. If not, wait until the firmware is fully tested and relased!

[madires]

NETGEAR is now on my list of, never buy from, along with Sony, Apple, and more.

Actually you would need to add ALL well known manufacturers of SOHO routers. They all had/got major security issues. Either get a router supported by OpenWrt or go for a PC based pfSense (or some other open source firewall/router). Other options are AVM Fritzbox or a professional SOHO router, like LANCOM. Both had only a few issues so far, and both companies provide updates for more than just 2 years (about 5-10 years).

[madires]

And we got another exploit kit attacking about 160 routers from different manufacturers via malvertising:
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
So much for blocking ads is bad (for the websites earning money that way). Serving malvertising is worse.