I see, what kind of trap site would that be though?
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
HUGE exploit in Netgear Nighthawk and other routers, accessed by browsing the web
- Thread starter Marty Chinn
- Start date
- Status
Marty Chinn
Member
That's the thing, you don't know. Hell, what if someone hacks a well known site and leaves the exploit there. You could think you don't go to anything unusual and still get hit.
SwiftDeath
Member
Wow Netgears lack of initial response and current response are terrible
Netgear couldn't even be bothered to respond to the guy and say "We got this, give us X time to fix it"
Rollins handled this well
Netgear couldn't even be bothered to respond to the guy and say "We got this, give us X time to fix it"
Rollins handled this well
For those of you interested in DD-WRT, KONG releases are consistently decent.
Like every DD-WRT public release though, scan the DD-WRT forums before installing. Have a USB to TTL cable ready in case of brick.
Some routers are incapable of maximum throughput with 3rd party firmware. I had a Cisco router that actually couldn't deliver my full Fibre potential from the ISP and I had to use one of Cisco's firmware. Not all routers are like this obviously, but there are some justifications for not using Open Source.
I have an Archer router that I love currently.
Installing this beta firmware is what should be done?
http://kb.netgear.com/000036386/CVE-2016-582384
Or is it not enough?
Edit: sorry I just read the page, it's unknown.
http://kb.netgear.com/000036386/CVE-2016-582384
Or is it not enough?
Edit: sorry I just read the page, it's unknown.
Yes, I'm looking at an archer C5400 right at this moment. The lack of response means....I'm not buying from you anymore. I left the stock firmware on there because I had absolutely no issues with it.
I mostly run merlin on my asus routers and even had XWRT on my R7000 for a long time before reverting.
TheCochese
Banned
Just updated, it was trivial to do. Shame on the lack of a speedy production update.
I still with the stock Netgear software because it does what I need it to. I've loaded DD-WRT on a number of other devices, but haven't needed to on the two Netgear products I own.
I still with the stock Netgear software because it does what I need it to. I've loaded DD-WRT on a number of other devices, but haven't needed to on the two Netgear products I own.
show me your skeleton
Member
just after a bunch of zyxels were exploited crippling tens if not hundreds of thousands of users.
virgin media use netgear, any idea what model?
edit: okay their forum states the netgear-made router isn't affected.
virgin media use netgear, any idea what model?
edit: okay their forum states the netgear-made router isn't affected.
Usually updates to the latest Linux kernel (more security patches) although it does have minor bugs like LEDs not lighting up when certain settings are not selected. You also lose hardware acceleration which is important to user who have really fast connections.
Web Interface is somewhat better than it was many years ago although still clunky. You should probably stick to Rmerlin or Tomato if that's what you prefer although these firmwares are stuck on very old Linux kernels due to drivers.
DD-WRT/OpenWRT tend to be up to date. Former is for everyone. The later is for people willing to learn.
If you need fast speeds for home use, you should build yourself a pfsense router.
People were laughing at Google for entering the router business. Problem is that a lot of current routers don't update themselves.
FunkyMunkey
Banned
+ customized VPN routing
Sweeney Tom
Banned
Glad I listened to the people saying Netgear was trash and didn't buy any of their products on Black Friday week. Thanks friends
Just use the backdoor.
Owned several Asus routers, went back to Netgear recently. I will go anywhere else except for Asus when I ever go with another manufacturer.
Did this wipe your existing information? I've got a PPPoE password I would need to call my ISP to verify if that's the case.
Edit: In case anyone else is curious. I called and got my PPPoE credentials then proceeded to update to the beta firmware. The update was super simple, I didn't need them, it kept my information and took about 5 minutes total.
Edit 2: This is an R7000
TheCochese
Banned
I don't have that need, so I don't know. I can't recall any custom settings when I set it up.
It can be one of those malware redirects that Neogaf often gets on mobile.
You don't need to type in some special website to be attacked.
Marty Chinn
Member
The thing is the Nighthawk routers aren't trash. They're quality devices that a lot of people here on GAF use and highly recommend. I think Netgear handled this poorly, but the router itself is pretty good quality hardware, exploit aside of course.
Gotcha, thanks for the response. Trying to avoid a lengthy call if possible, I haven't had great experience with the first tier tech support, so I may be looking at an hour or more to get a password. Thanks Netgear...I really should write these things down...
sixteen-bit
Member
Smh, netgear.
hipbabboom
Huh? What did I say? Did I screw up again? :(
Has R6300 okay?
It is pretty scary thinking about the amount of people out there who have never touched the routers or upgraded their firmware.
Most probably just hook it up and use the default password listed on the bottom of the router or wherever... some might change the ssid/password but after that it would basically be left untouched.
Most probably just hook it up and use the default password listed on the bottom of the router or wherever... some might change the ssid/password but after that it would basically be left untouched.
Lv99 Slacker
Member
Aaand this is why I wish I knew how to build and set up a pfSense router. If anyone here lives in Austin TX, hit me up. I'm really interested in building one.
Septimus Prime
Member
I like Asus routers a lot, too, but they also have some security flaws. You should probably get least change the firmware to Merlin (which is basically the regular Asus firmware with vulnerabilities patched).
Ploid 3.0
Member
Can all of these listed use ddwrt?
TheBryanJZX90
Member
Lol this story freaked me out, and then I freaked my wife out, until I went through my Amazon orders to confirm that our router is one of the affected ones, and I saw that we actually have an Asus. Oops!
SoRuffShoNuff
Member
I have a nighthawk that has been up for 2 years and it has never dropped a single connection and covers every single foot of 4K sq foot house including the basement.
This is definitely horrible but the hardware on the routers is great.
I updated the firmware. I think I am ok. Not sure how to check my Macs or phones to see if anything was corrupted but I would assume it would still ask for the password to make any real changes. No idea about the phones...
Pathetic but true.
thelatestmodel
Junior, please.
Oh come on, people don't even think this is a thing you have to worry about. Stop acting like people are idiots for using stock firmware.
There's a beta firmware fix here:
http://kb.netgear.com/000036386/CVE-2016-582384
Or just go straight to open source.
Unless it's a good one they are. Plenty have people have talked about basic performance, stability and utility benefits. I don't also expect most people to change their firmware savvy users should though.
Ploid 3.0
Member
I looked into it, I was just scared of messing up the router. Seems like mine can use DD WRT and I'm still being extra careful about it. I will install it as I have a backup router in case things go wrong, it's just that this one is better and newer.
thelatestmodel
Junior, please.
A tiny percentage of users, guaranteed.
RedRooster
Member
This might finally be the push I need to switch to advancedtomato. Anyone use that firmware on a R7000? Are the LAN speeds still good?
Can you not do a firmware backup?
Very few, for sure. And OTA updates would probably be pretty inconvenient here, but if they can find a way to do it, Netgear should probably bite the bullet and do so now that this is public knowledge.
- Status