The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Netgear customers urged to turn off Wi-Fi routers after several models found to pose security risk

    Discussion in 'Networking and Wireless' started by Tinderbox (UK), Dec 13, 2016.

  1. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    Reputations:
    4,740
    Messages:
    8,513
    Likes Received:
    3,823
    Trophy Points:
    431
    http://www.telegraph.co.uk/technolo...rged-turn-wi-fi-routers-several-models-found/

    http://www.theregister.co.uk/2016/12/13/netgear_r7000_r6400_r8000_security/

    http://www.techspot.com/news/67381-experts-warn-netgear-router-users-stop-using-devices.html

    http://arstechnica.com/security/201...-hackers-to-seize-control-of-netgear-routers/

    http://kb.netgear.com/000036386/CVE-2016-582384

    John.
     
    Tinderbox (UK), Dec 13, 2016
    #1
    jaug1337, Jarhead, alexhawker and 2 others like this.
  2. downloads

    downloads No, Dee Dee, no! Super Moderator

    Reputations:
    7,729
    Messages:
    8,722
    Likes Received:
    2,230
    Trophy Points:
    331
    "In the meantime, CERT offers a temporary solution that involves exploiting the flaw in a safe way by issuing a command that disables the router’s web server feature. It can be issued with the following URL:

    Code: 
    http://[router_IP]/cgi-bin/;killall$IFS'httpd
    Remember that [router_IP] is replaced with the local IP address assigned to the router. CERT notes that executing this command means the router's web administration will not be available until the device is restarted."
     
    downloads, Dec 13, 2016
    #2
    jaug1337, hmscott and Starlight5 like this.
  3. ALLurGroceries

    ALLurGroceries  Vegan Vermin Super Moderator

    Reputations:
    15,730
    Messages:
    7,146
    Likes Received:
    2,343
    Trophy Points:
    331
    ROFL

    I guess this obviates the need for the netgear telnet utility :D
     
    ALLurGroceries, Dec 13, 2016
    #3
    Dannemand, hmscott and katalin_2003 like this.
  4. Carcozep

    Carcozep Notebook Enthusiast

    Reputations:
    66
    Messages:
    43
    Likes Received:
    76
    Trophy Points:
    26
    For anyone still using Netgear routers:

    Router assimilated into the Borg, sends 3TB in 24 hours
     
    Carcozep, Feb 27, 2017
    #4
  5. mystery905

    mystery905 Notebook Deity

    Reputations:
    224
    Messages:
    1,287
    Likes Received:
    17
    Trophy Points:
    56
    If I use XWRT-Merlin on an R7000, am I still affected?
     
    mystery905, Feb 28, 2017
    #5
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    Yeah, you gotta restrict access for remote controls if you are gonna leave them enabled. Set it to a specific IP on another non-connected network - something noone will be able to guess through brute force on your visible IP range.
     
    hmscott, Feb 28, 2017
    #6
  7. Carcozep

    Carcozep Notebook Enthusiast

    Reputations:
    66
    Messages:
    43
    Likes Received:
    76
    Trophy Points:
    26
    Carcozep, May 21, 2017
    #7
    downloads and hmscott like this.