Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User AdrianPH
(member) Tue 13-Dec-16 12:05:52
Print Post

NETGEAR ROUTER ?? Turn it off now.


[link to this post]
 
NETGEAR ROUTERS VULNERABLE

Netgear customers urged to turn off Wi-Fi routers after several models found to pose security risk .............
Standard User bobble_bob
(knowledge is power) Tue 13-Dec-16 14:56:14
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
A temp fix

Verify that your router is affected by going to this URL:
http://[router-address]/cgi-bin/;uname$IFS-a

If that shows you anything but an error (or an empty page): youíre affected. If youíre unsure: please read the detailed explanation below

Point your browser to the following URL to terminate the web server process (which facilitates the vulnerability) on your router:
http://[router-address]/cgi-bin/;killall$IFS'httpd'

(optional) verify that the URL in step (1) is no longer accessible


Will only work until you reboot the router

If you restart your router, the vulnerability will be open again, but at least itís a temporary fix until Netgear releases an official patch. The only way someone could exploit this is if they sent you a malicious link and you clicked that link, which is pretty unlikely, but if you have one of these routers, itís still probably better to be safe than sorry.

Edited by bobble_bob (Tue 13-Dec-16 15:06:31)

Standard User 10forcash
(regular) Tue 13-Dec-16 16:17:50
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
Firstly, thanks for upping the hysteria level - although you do seem to have missed out the CAPS and obligatory multiple exclamation!!! marks...
Secondly, rather than propagating useless information (how are users supposed to find out about and apply a fix with no router?). A link to Netgear rather than the Torygraph would be helpful.
For example :- http://kb.netgear.com/000036386/CVE-2016-582384
You're welcome.


Register (or login) on our website and you will not see this ad.

Standard User bobble_bob
(knowledge is power) Tue 13-Dec-16 17:04:09
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: 10forcash] [link to this post]
 
Just tested mine, came up with a 404 error so im safe
Standard User AdrianPH
(member) Tue 13-Dec-16 17:49:16
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: 10forcash] [link to this post]
 
In reply to a post by 10forcash:
Firstly, thanks for upping the hysteria level - although you do seem to have missed out the CAPS and obligatory multiple exclamation!!! marks...
Secondly, rather than propagating useless information (how are users supposed to find out about and apply a fix with no router?). A link to Netgear rather than the Torygraph would be helpful.
For example :- http://kb.netgear.com/000036386/CVE-2016-582384
You're welcome.


I simply posted the headline and content from the newspaper article.

There were links to at least 6 other sites carrying the exact same headline but I thought one would suffice.

I had assumed that most people would read the article if they had a Netgear router and have the intelligence to take the necessary action.

Obviously in your case I seriously misjudged your level of competence and IQ.
Standard User cheshire_man
(eat-sleep-adslguide) Tue 13-Dec-16 18:15:23
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
+1

Tony
Happily running Windows 10 Pro on both desktop and laptop
We have more and more laws, and less and less enforcement
Standard User 10forcash
(regular) Tue 13-Dec-16 18:29:08
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
In reply to a post by AdrianPH:
Obviously in your case I seriously misjudged your level of competence and IQ.
You're not the first to do so, apology accepted.
Standard User micksharpe
(legend) Tue 13-Dec-16 20:02:04
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
DG834N - 404 Not Found

Thanks for the info smile

Edited by micksharpe (Tue 13-Dec-16 20:02:46)

Standard User bobble_bob
(knowledge is power) Tue 13-Dec-16 20:49:07
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: micksharpe] [link to this post]
 
Just remember "[router-address]" is 192.168.0.1. I forgot at first and left the URL with [router-address] in laugh
Standard User longedge
(committed) Tue 13-Dec-16 22:01:35
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
Not necessarily - e.g. host component is 1.1 on mine.

Standard User micksharpe
(legend) Tue 13-Dec-16 23:19:31
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
I know the IP address. How else can I access the menu system? But thanks, anyway.
Standard User longedge
(committed) Wed 14-Dec-16 12:26:17
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: micksharpe] [link to this post]
 
The DG834N isn't on the list of affected routers.

Standard User micksharpe
(legend) Wed 14-Dec-16 13:02:50
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: longedge] [link to this post]
 
I know. I was just curious.
Standard User longedge
(committed) Wed 14-Dec-16 14:15:17
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: micksharpe] [link to this post]
 
I tried the suggested URL as in bobble_bob's post and got a page of what looked like java script. After running the second URL I then got an error message from Firefox saying could not connect, so it worked for me.

The downside now is that I can't connect to the router admin interface so I'll have to leave it a few days and wait to see an announcement that an update is available so I can reboot and download it. I checked an hour or so ago and no update was shown as available then.

p.s. - further downside is that I've ended up on a gateway (+Net psb-bng04) where I am getting a lot of dropped packets while I'm trying to watch Ronnie O'Sullivan perform. I night even have to go and switch the TV on!!

Edited by longedge (Wed 14-Dec-16 20:06:39)

Standard User baby_frogmella
(fountain of knowledge) Wed 14-Dec-16 14:19:03
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
Luckily my R9000 seems to be unaffected.....pheeeeew

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
TalkTalk Business 80/20
Netgear R9000 X10 running OpenWRT
My Broadband Quality Monitor
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Standard User bobble_bob
(knowledge is power) Thu 15-Dec-16 16:20:22
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
Just had a thought. Does this mean we should never trust wifi again in pubs/restaurants (even password protected ones) as they could be using unpatched Netgear routers?
Standard User ian72
(eat-sleep-adslguide) Thu 15-Dec-16 16:32:03
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
You should never "trust" them anyway. Everyone is sharing the same wifi so unless you are encrypting sensitive traffic and protecting the device appropriately then you are no better off than if you were connected direct to the Internet. An unpatched router just means you are open to more people - always assume on public wifi that someone else is on the wifi trying to steal your information.
Standard User ukhardy07
(knowledge is power) Thu 15-Dec-16 17:25:38
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: AdrianPH] [link to this post]
 
The title of this thread is ridiculous, there are vulnerabilities all of the time affecting routers. You will notice most articles state a user needs to be fooled by a phishing email or click a link on an affected device. Here, it seems as vulnerable as a user on Windows who gets fooled into clicking on an infected URL... Should we turn windows off worldwide as well?

There are vulnerabilities just as bad as this one on Cisco devices used in the corporate world.

Edited by ukhardy07 (Thu 15-Dec-16 17:28:24)

Standard User bobble_bob
(knowledge is power) Thu 15-Dec-16 20:45:51
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: ian72] [link to this post]
 
I never do, but certain apps on your phone are autosign in, so assume that sensitive data is being passed as soon as you open it?
Standard User bobble_bob
(knowledge is power) Thu 15-Dec-16 20:46:30
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: ukhardy07] [link to this post]
 
Guess with alot of Windows ones you have a chance of knowing about it through your AV going nuts. This one the user could be unaware
Standard User ukhardy07
(knowledge is power) Fri 16-Dec-16 01:14:38
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
In reply to a post by bobble_bob:
I never do, but certain apps on your phone are autosign in, so assume that sensitive data is being passed as soon as you open it?
It really depends on the apps.

Applications such as facebook will login over https using a secure TLS V1.2 connection. Here even on a public WiFi, it is not like your credentials can just be picked up by somebody else...

If the app is coded poorly it will transmit credentials over HTTP which is a cleartext format, here somebody on the same WiFi network is able to intercept the credentials (usernames and passwords) entered by you and all other traffic transmitted. Generally speaking on iPhone the majority of apps do not insecurely transmit credentials.

Features built into the iPhone such as the Mail app and iMessages app are fairly secure in their transmission of data.
Standard User 10forcash
(regular) Fri 16-Dec-16 07:41:28
Print Post

Re: NETGEAR ROUTER ?? Turn it off now.


[re: bobble_bob] [link to this post]
 
AV won't protect you against MiTM attacks, neither will HTTPS, generally, 'public' WiFi is a known risk, the bigger risk is spoofed access points, where your phone will 'trust' an already known AP name.
BTW, unless you're sending and receiving signed and encrypted mail end - to - end, no mail application is secure, neither are the contents.
Edited to add :- If you must use mobile banking applications, only ever use them with WiFi turned off to force a connection over 3G /4G, whilst not fully secure, it is at least of a consistent security level, unlike WiFi.

Edited by 10forcash (Fri 16-Dec-16 07:47:52)

Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to