Check your Netgear router model for security vulnerability

Search this thread

Last Updated:
Jul 31st, 2020 12:20 am

Tags:

SCORE
+4
4
0

Reply to ThreadReply

Search this thread

Jul 30th, 2020 11:37 am

Scote64 [OP]: Deal Fanatic; Jan 21, 2018; 5564 posts; 5758 upvotes; Vancouver

Jul 30th, 2020 11:37 am

Check your Netgear router model for security vulnerability

https://www.theregister.com/2020/07/30/ ... _patching/

A remote code execution vulnerability affecting most Netgear routers was discovered in June, and is now being exploited in the wild.

Netgear has issued firmware updates for its current models (make sure yours is patched up to date!), but they have also said that many older models will not be patched - list in the article.

It's the classic buffer overflow again - need you even ask? Decades of software developers have been careless about guarding against buffer overflows in almost every software product in existence. Will they ever get it? Picture an episode of the Simpsons where Homer doesn't realize that his beer glass is too small to contain the contents of the beer can and keeps overflowing his beer onto the floor, resulting in a "Doh!" every time. Repeat on loop 10,000 times...

6 replies

Jul 30th, 2020 12:14 pm

audit13: Deal Expert; Feb 24, 2003; 17962 posts; 4402 upvotes; Toronto

Jul 30th, 2020 12:14 pm

I wonder how many people have actually been hacked and know that they've been hacked.

Jul 30th, 2020 8:38 pm

JonSnow: Deal Addict; Dec 29, 2008; 3709 posts; 1083 upvotes

Jul 30th, 2020 8:38 pm

It really should be illegal to leave routers vulnerable, but not realistic. Coz they'll always be that one router in a gandma house that will never get patched.

Jul 30th, 2020 8:59 pm

trane0: Deal Addict; Jun 8, 2005; 3099 posts; 565 upvotes; Toronto

Jul 30th, 2020 8:59 pm

JonSnow wrote: ↑ It really should be illegal to leave routers vulnerable, but not realistic. Coz they'll always be that one router in a gandma house that will never get patched.

what about making it illegal for a router manufacturer to EOL a model, and not provide a patch after a vulnerability is found? or in other words, grandma's router may not have a patch to apply to fix it.

Jul 30th, 2020 9:28 pm

tranquility922: Deal Expert; Sep 21, 2010; 15185 posts; 4599 upvotes; Montréal

Jul 30th, 2020 9:28 pm

Wow, I thought for sure I would get nailed since the list is quite long. Anyway, tx for the HU.

Hard work, inheritance, interest on interest accumulating, and stock and real estate speculation. It's all good.

Jul 30th, 2020 9:35 pm

djemzine: Deal Expert; Jun 15, 2011; 43286 posts; 7204 upvotes

Jul 30th, 2020 9:35 pm

OH o. Gotta love when home based routers have a security flaw and people don't update their firmware or even bother checking.

Gotta love RCEs and buffer overflows. Wonder if I can download a PoC for this

. PoC = Proof of Concept.

trane0 wrote: ↑ what about making it illegal for a router manufacturer to EOL a model, and not provide a patch after a vulnerability is found? or in other words, grandma's router may not have a patch to apply to fix it.

That's why you replace the router which is old and has reached its EOL? Lol. One can be nice to grandma and buy her a new router.

Blanka

Jul 31st, 2020 12:20 am

badOne: Deal Fanatic; Mar 31, 2017; 6729 posts; 2972 upvotes

Jul 31st, 2020 12:20 am

Only buy a router if 3rd party firmware like OpenWRT or fresh tomato, or DD-WRT, or Merlin supports it. You know official support will end, leaving you vulnerable, so who's fault is it really?

+1

Reply to Thread

Top