Check your Netgear router model for security vulnerability

Search this thread

Last Updated:
Jul 31st, 2020 12:20 am

Tags:

SCORE
+4
4
0

Reply to ThreadReply

Search this thread

Jul 30th, 2020 11:37 am

Scote64 [OP]: Deal Addict; Jan 21, 2018; 3226 posts; 3298 upvotes; Vancouver

Jul 30th, 2020 11:37 am

Check your Netgear router model for security vulnerability

https://www.theregister.com/2020/07/30/ ... _patching/

A remote code execution vulnerability affecting most Netgear routers was discovered in June, and is now being exploited in the wild.

Netgear has issued firmware updates for its current models (make sure yours is patched up to date!), but they have also said that many older models will not be patched - list in the article.

It's the classic buffer overflow again - need you even ask? Decades of software developers have been careless about guarding against buffer overflows in almost every software product in existence. Will they ever get it? Picture an episode of the Simpsons where Homer doesn't realize that his beer glass is too small to contain the contents of the beer can and keeps overflowing his beer onto the floor, resulting in a "Doh!" every time. Repeat on loop 10,000 times...

6 replies

Jul 30th, 2020 12:14 pm

audit13: Deal Expert; Feb 24, 2003; 16365 posts; 2833 upvotes; Toronto

Jul 30th, 2020 12:14 pm

I wonder how many people have actually been hacked and know that they've been hacked.

Jul 30th, 2020 8:38 pm

JonSnow: Deal Addict; Dec 29, 2008; 3484 posts; 837 upvotes

Jul 30th, 2020 8:38 pm

It really should be illegal to leave routers vulnerable, but not realistic. Coz they'll always be that one router in a gandma house that will never get patched.

Jul 30th, 2020 8:59 pm

trane0: Deal Addict; Jun 8, 2005; 2935 posts; 438 upvotes; Toronto

Jul 30th, 2020 8:59 pm

JonSnow wrote: ↑ It really should be illegal to leave routers vulnerable, but not realistic. Coz they'll always be that one router in a gandma house that will never get patched.

what about making it illegal for a router manufacturer to EOL a model, and not provide a patch after a vulnerability is found? or in other words, grandma's router may not have a patch to apply to fix it.

Jul 30th, 2020 9:28 pm

tranquility922: Deal Guru; Sep 21, 2010; 13483 posts; 3600 upvotes; Montréal

Jul 30th, 2020 9:28 pm

Wow, I thought for sure I would get nailed since the list is quite long. Anyway, tx for the HU.

The richest 1% of this country owns half our country’s wealth, 5 trillion dollars, one-third of that comes from hard work, two-thirds comes from inheritance, interest on interest accumulating to widows and idiot sons, and what I do.. <find the rest>

Jul 30th, 2020 9:35 pm

djemzine: Deal Expert; Jun 15, 2011; 41185 posts; 6414 upvotes

Jul 30th, 2020 9:35 pm

OH o. Gotta love when home based routers have a security flaw and people don't update their firmware or even bother checking.

Gotta love RCEs and buffer overflows. Wonder if I can download a PoC for this

. PoC = Proof of Concept.

trane0 wrote: ↑ what about making it illegal for a router manufacturer to EOL a model, and not provide a patch after a vulnerability is found? or in other words, grandma's router may not have a patch to apply to fix it.

That's why you replace the router which is old and has reached its EOL? Lol. One can be nice to grandma and buy her a new router.

Proud to be an Indian.
__________________________________________________________________________
Incident/Cyber Breach Response|Malware Analyzer|Threat Intellligence

Jul 31st, 2020 12:20 am

badOne: Deal Fanatic; Mar 31, 2017; 6495 posts; 2836 upvotes

Jul 31st, 2020 12:20 am

Only buy a router if 3rd party firmware like OpenWRT or fresh tomato, or DD-WRT, or Merlin supports it. You know official support will end, leaving you vulnerable, so who's fault is it really?

+1

Reply to Thread

Top