WTF is your problem, Netgear? Another hijack hole found in its routers Researchers are warning of a serious security hole that can be exploited to hijack potentially hundreds of thousands of Netgear routers. The programming blunder allows an attacker with access to the router to harvest the administrator access password. A victim could visit a malicious webpage that uses JavaScript to exploit the …
I followed the link from this article to the bug description page at Netgear to the update page for my R6300v2 router, only to find that it says this bug was apparently fixed already in the firmware update I installed at the end of December (V1.0.4.6_10.0.76). I see that the bug report numbers are dated 2017, so how is it that they were supposedly already fixed in earlier firmware?
I guess this issue is with some newer Netgear routers. The only password recovery option for mine (that I'm aware of) is the hole in the back of the case (accepting metal pin). Maybe some of newer, cloud enabled "smart" routers that I'd not touch. Home router better be simple and did not require sign-in to somebody's cloud.
I guess this issue is with some newer Netgear routers. The only password recovery option for mine (that I'm aware of) is the hole in the back of the case (accepting metal pin).
Appears so. I just checked on old WNDR3700 with V1.0.4.68 firmware (never used as a router, but just as an access point) and whilst failing to authenticate does result in page produced by unauth.cgi, there is no tokens or anything like that. Likewise passwordrecovered.cgi does not exist (results in 404).
Netgear probably doesn't write the code running on their routers, they get the code from the chipset vendors and then reskin it. So they decide on a chipset, and while the hardware is being developed, they re-skin the firmware of the vendor. Any updates coming out since then will simply be ignored.
Most consumer product is build as cheaply as possible, hacked together software running on low cost hardware, , which is reflected in the price. As in power tools there are cheap home versions (consumer grade) of the more expensive version sold to the commercial sector (industry grade).
I recently upgraded from Asus to Apple, throughput went up, availability went up!
(hanging off a long distance 802.11A/WiMax mountain top ISP-company in the alps)
this shiny 2013 Extreme does do AC quite well, limit of about 50 clients, and I was able to find it refurb - Apple are about to drop making new ones, according to rumors. AMZN currently has them for £159.
Strangely, my ISP (often) cut my RT-AC56U off as it was pinging for NTP 'too-much' in their opinion, the previous Asus RT-N16 was perfect - but was taken out by the EMP of lightning hitting something in the garden.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
