Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Businesses Networking Wireless Networking Hardware

Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability (netgear.com) 26

The Department of Homeland Security's CERT issued a warning last week that users should "strongly consider" not using some models of NetGear routers, and the list expanded this week to include 11 different models. Netgear's now updated their web page, announcing eight "beta" fixes, along with three more "production" fixes. chicksdaddy writes: The company said the new [beta] firmware has not been fully tested and "might not work for all users." The company offered it as a "temporary solution" to address the security hole. "Netgear is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible," the company said in a post to its online knowledgebase early Tuesday.

The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a serious "arbitrary command injection" vulnerability in the latest version of firmware used by a number of Netgear wireless routers. The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site... The vulnerability was discovered by an individual...who says he contacted Netgear about the flaw four months ago, and went public with information on it after the company failed to address the issue on its own.

This discussion has been archived. No new comments can be posted.

Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability

Comments Filter:
  • ...says he contacted Netgear about the flaw four months ago, and went public with information on it after the company failed to address the issue on its own.

    How many times...?

    It's time to reinstate public hangings for this offense, IMHO.

    • Notice DNSChanger impacting 1 in 5 restaurants and tens of millions of people before they came out with a fix?

  • ...well at least if the firmware bricks your router, the hole will be closes... and no further data can get off your LAN onto the WAN via the fixed router...

  • reflashing with openwrt/lede/dd-wrt, https://plus.google.com/107942... [google.com]
  • My extensive post to a previous story about Netgear, hoping to help Netgear improve: The end of Netgear? [slashdot.org]
  • I had a NG 3800 for a long time and Avast started alerting to vulnerability thru it's network scan. NG was no longer supporting the 3800, so I used Avast workaround for a bit, but this year upgraded to the NG Nighthawk 1750 AC 6700, thinking that since was supported by NG and relatively newish router, that they had fixed the problem. Lo and behold, same alert came up through Avast. I contacted NG about it and was told that it was a false alert by Avast. Contacted Avast and they told me that NG is lyi
  • I have found Netgear to be no worse than any other consumer router manufacturer, and better than several. Many manufacturers have had similar vulnerabilities in recent years, at least they have (finally) responded, albeit under the perception that it is perhaps due to the bad press.

    That said, I'm posting here to call them out for STILL not having any means to generate fresh VPN keys on their routers. If your VPN profile security was every in question there is nothing you could do about it short of buying a

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...