Member
Posts: 225
Registered: ‎11-03-2012

Netgear router vulnerability

What is Best Buy doing about the Netgear router vulnerability? Best Buy carries more than half of the 11 affected models that the Department of Homeland Security’s CERT group released an advisory about recently. According to the advisory (released in mid-December 2016) "The flaw allows unauthenticated web pages to access the command-line and then execute malicious commands, which could lead to total system takeover."

It would seem like Best Buy should be doing more, like pulling and sending back models to the manufacturer that don't have the patched firmware (because there's a very high likelihood that most end users are not going to apply the patch themselves and the patch is only confirmed to work for 3 out of 11 affected models). Or another option would be to post notices about it and offer a discounted rate for Geek Squad to do it before the customer leaves the store.

It just seems incredibly irresponsible to KNOW about this exploit and continue to sell the product with no warning/notice or other proactive measures to people that you may be negatively impacting (especially if someone is using this in a connected setup where someone could gain access to cameras, lights, door locks, garages, etc). 

Trusted Contributor
Posts: 3,927
Registered: ‎02-25-2013

Re: Netgear router vulnerability

Your concern is a valid concern and should be addressed.

However, Netgear has already taken care of the issue.

What is NETGEAR doing about it?
NETGEAR takes customer security seriously and has released a firmware that fixes this issue. Details can be found on the firmware release notes articles # 29959, 29461, and 27635.
Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR will also proactively notify registered users via email.

Also, a suggestion from Netgear, and one that everyone should always follow, is to change the default settings.

How do I prevent this attack?
The first step of all security measures is to block unauthorized access to your network. By default, NETGEAR routers are pre-configured with a random security SSID and passphrase. It is recommended to change the SSID and passphrase, as well as the administrator password to the router setup GUI page. You can also block unauthorized devices from the NETGEAR genie app or desktop application by right-clicking on the unauthorized device in the Network Map.

Please leave Kudos if you like a post or click Accept as Solution if a post answers your query. I am not an employee of Best Buy and all opinions left on this forum are my own.
Trusted Contributor
Posts: 3,927
Registered: ‎02-25-2013

Re: Netgear router vulnerability

I would also add that I received my update from Netgear about 6 or 7 weeks ago.

Member
Posts: 225
Registered: ‎11-03-2012

Re: Netgear router vulnerability

@bobberuchi that is hardly a fix for several huge reasons:

(1) Netgear has confirmed that the patch that they released is only known to work on 3 out of 11 affected models. They basically said for the other 8, consider the software beta (i.e. if it works, it works, otherwise wait). Netgear knew about this for 3 months and did nothing until it recently blew up in the news. How much longer do they want people to wait?

(2) Most customers don't know how to properly set up and secure a router. And coming from someone that used to work for Best Buy, they forgo the $150 network setup that costs more than the router. This means initial settings (including usernames and passwords) never get changed, making end users more vulnerable.

(3) Most routers go YEARS without firmware upgrades, making them easy exploit targets. Now that people are connecting their homes (in addition to their lives) to the internet, expect the number of exploits to go up.

(4) Best Buy is still actively selling models affected by this WITH the outdated firmware. See point 2 and realize that only 3 out of 11 have an actual confirmed fix. This tells me Netgear isn't taking it all that seriously.

(5) Most customers are completely oblivious that this is even going on, which is why Netgear continues to ship routers (and Best Buy continues to sell them) without a confirmed fix for almost 75% of affected models - it should also be considered that 3 out of 11 are the best selling models on a certain online marketplace which means Netgear is almost certainly putting profits before people.
New Member
Posts: 2
Registered: ‎01-30-2017

Re: Netgear router vulnerability

NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management

Netgear had months to patch a vulnerability in some of the most popular consumer routers on the market. It still hasn't.