Vulnerability Prompts Warning: Stop Using Netgear WiFi Routers

"By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers," warns a new vulnerability notice from Carnegie Mellon University's CERT. Slashdot reader chicksdaddy quotes Security Ledger's story about certain models of Netgear's routers: Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability. CERT cited "community reports" that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable... The flaw was found in new firmware that runs the Netgear R7000 and R6400 routers. Other models and firmware versions may also be affected, including the R8000 router, CMU CERT warned.

With no work around to the flaw, CERT recommended that Netgear customers disable their wifi router until a software patch from the company that addressed the hole was available... A search of the public internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.
Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."

Netgear *firmware*

[c]

Stop using Netgear firmware. I operate under the assumption that the stock firmware on any consumer wireless device is probably a bug riddled privacy disaster and replace it with something sane ASAP.

Obviously, that sucks for people who can't dabble in firmware replacements, but there's a limit to what I can fix...

Re:

[peawormsworth]

When the source code is hidden, there is no need to hide a backdoor. When closed source software is "audited" how can you as a consumer know that the code you are running came from the source that was audited?

Re:Netgear *firmware*

[MeanE]

Just grab anything on this list.

https://advancedtomato.com/dow... [advancedtomato.com]

Re:

[Cute Fuzzy Bunny]

They're too busy getting Trump elected. Second string Chechnyans have been called in to back fill.

Re:

[Cmdln Daco]

Compile it yourself, using a compiler, linker, and libraries that you've read the source for yourself, or that you trust a great deal. Also, review the firmware in the hard drive of the machine you compile it on, and also the firmware in the keyboard. And the firmware on the Ethernet card, if any of the source traversed the network. Etc. etc.

Re:

[peawormsworth]

That sounds exactly like what happens to corporations with closed source software. For example, Microsoft has to assess the security of their source code before release, and they continually fail to succeed at it. It is because their code is somewhat beyond their ability to maintain it properly. Corporations just aren't big enough to compete with the world of users. They would be much better served (for security) by releasing the source code. Then they would really flush out all those gaping holes lurking i

Re:

[Wycliffe]

Are there any Netgear Wifi routers with easily replaceable firmware?

Yes. I've put dd-wrt on several netgear wndr3400v2 routers. It was literally as simple as finding the right firmware and using the gui on the netgear router to select the file from the list and hit update.

Re:

[Wycliffe]

Are there any Netgear Wifi routers with easily replaceable firmware?

Yes. I've put dd-wrt on several netgear wndr3400v2 routers. It was literally as simple as finding the right firmware and using the gui on the netgear router to select the file from the list and hit update.

A quick glance shows that the R7000 mentioned in the article not only supports dd-wrt but is also one of the fastest consumer grade routers on the market that does: https://dd-wrt.com/wiki/index.... [dd-wrt.com]

Re:

[peawormsworth]

I have tested DDWRT and Tomato on a Netgear device. It worked for me with that brand on at least one device. A search for Netgear hardware in the hardware support page on the official router software sites will tell you more.

Re: Netgear *firmware*

[corychristison]

Get your ISP to put your modem/gateway into bridge mode, and put your own router between your equipment and their equipment.

Re:

[Anonymous Coward]

Not all modem/gateways have a bridge mode.

Re: Netgear *firmware*

[corychristison]

I've never had a situation where it wasn't possible.

Just this past week I argued with the tech that came to initialize my service after switching ISP's. Sure enough after calling back to his support center, they were able to do it for him remotely. After a power cycle it worked, and still works great now. So it's entirely possible if someone tells you it's not possible, there is a very good chance the tech you have just doesn't know how.

If you have a service with IPTV then maybe its a little more complicate

Re:

[klui]

You can't do this on U-verse residential gateways. There's a pseudo bridge mode but not the same thing.

Re:

[Zmobie]

While you can't do a bridge mode because the shitty firmware they use doesn't have it, you can turn the DMZ on and forward everything to a router behind it. I know, because that is how my network is setup right now. My Netgear router running DD-WRT is MUCH more secure then the shit the provide for software (Netgear and AT&T). Love Netgear's hardware, but their firmware blows ass.

Re:

[Agripa]

I hate the way AT&T U-Verse works also. The DMZ+ mode works poorly, AT&T blocks IPv6 tunneling, their caps are completely unreasonable, and performance and reliability are poor.

When I switched to Charter a couple months ago which is the only other option in my area, their modem only operated in bridge mode. All I had to do was plug my router's WAN port into the modem and the switch over was immediate.

Re:

[Anonymous Coward]

Not all modem/gateways have a bridge mode.

Yeah, looking at you Google Fiber

I immediately thought of OpenWRT

[Bruce Perens]

Yes, I immediately thought of OpenWRT, which I run on Netgear, Linksys, and other companies routers. I buy them brand-new and flash them before placing them in service.

Re:

[SEE]

Yep. The R6400 and R7000 are both supported by both DD-WRT, and Tomato by Shibby. I think OpenWRT only supports the R7000

Re:

[mikeiver1]

DDWRT... At least you can be generally comfortable that the firmware has been checked for exploitable holes and is relatively safe to use. Anyone care to bet that Netgear is NOW working on a patch finally?

Re:

[TJ_Phazerhacki]

+1. The R7k is BRILLIANT running a custom DD-WRT build, and I am using largely the same running config that I've been using for the last half decade across 3 different devices. And my brother has the previous device, and while he probably couldn't handle a bricked device like I could, he is more than capable of following updates for the build I found for him.

Re: Netgear *firmware*

[corychristison]

I have built my own router in the past, and I ran pfSense.

I used a Jetway dual gig-nic VIA-based board. I can't recall the exact model. This was back in 2007/2008 or so.

I had one NIC for the WAN, the other for the LAN where I used an 8-port gigabit switch.

It worked well. At the time driver support for wireless cards (for a wireless accesspoint) was basically non-existant so that was one limitation. When we started getting wireless devices in our home (blackberries at the time) we decided we should upgrade the network.

Another problem is power consumption. The whole setup used aroud 100W.

There are the Alix boards with multiple NICs built in, still x86 based and easy to procure that use way less power these days. If I had to do it again, this is the route I would go.

The new higher end routers these days do offer a great value. Just do your research as to which can be flashed to Tomato/DD-WRT/OpenWRT/etc. and at least you have some control over them.

Re:

[Agripa]

I am still using my ancient Celeron 300A for my pfsense router. The only failure it has had is when the ice maker sprung a leak and water dripped into the case and when that happened, I transferred the pfsense configuration over to a spare Pentium 4 and got the original hardware back up in running within a day. Power is about 25 watts.

It is better to use an independent wireless access point than a wireless port directly on a BSD router. It should not be that way but the wireless manufacturers are jerks a

Re:Netgear *firmware*

[raymorris]

> In a VM though. At least that will lower the chance of potential attack vectors considerably even if a program in said VM were shit on.

If you run your firewall / router in a VM, that means there's a physical box hosting it which is physically plugged directly into the internet, unprotected by the firewall. I'm not saying it can't be done reasonably safely, but that's certainly not my preference.

> So, in conclusion, I'll buy an OpenWRT-compatible router and flash it on because I am lazy. :)

Yep. I've been doing network security full time for almost twenty years and I would (and do) use OpenWRT, not only because I'm lazy, but because that's a team of people building something specifically for that role. Even with 20 years of security experience, I could overlook something regarding security and nobody would be checking my work.

I may switch to a Cisco ASA as my first line of defense, though. I happen to have one for lab purposes. I'm not sure I want to deal with Cisco's licensing keeping the thing updated and doing everything I want it to do, though.

Re: Netgear *firmware*

[zuralin]

> If you run your firewall / router in a VM, that means there's a physical box hosting it which is physically plugged directly into the internet, unprotected by the firewall. I'm not saying it can't be done reasonably safely, but that's certainly not my preference.

What are you taking about? I run this exact setup and my host isn't "unprotected by the firewall." The port belongs to pfSense as the WAN port and unless I open something up to my host within the firewall rules, no one is getting access to it.

A

How do you think frames get to your VM

[raymorris]

>> If you run your firewall / router in a VM, that means there's a physical box hosting it which is physically plugged directly into the internet

> What are you taking about? I run this exact setup and my host isn't "unprotected by the firewall."

How exactly do you think ethernet frames GET to your VM, at layer 1 and layer 2?

As I said, it's not impossible to do it reasonably safely, but I much prefer to have nothing but the firewall *physically* plugged into the internet. In theory, software should

Ps: I don't use OpenWRT for enterprise, b/c CYA

[raymorris]

BTW my postb might have been unclear. I mentioned I've been doing this professionally for a long time, and that I use OpenWRT. What I didn't make clear is that I don't deploy OpenWRT professionally.* Putting aside what might be technically best for a particular role, we're all heard the saying "nobody ever got fired for buying IBM", nobody ever got fired for buying Cisco.

* One time I needed a VPN end point to serve ONE user, for a company with total annual revenuev around $100K. OpenWrt met the requiremen

Re:

[TheRaven64]

The PC-Engines and Soekris boards are designed to be used as routers and do a pretty good job. They're low power (7W or so in heavy use), and typically have multiple GigE connections and either WiFi on board or miniPCI slots for WiFi and boot from Compat Flash. They fit nicely in a 6" square case and will happily run either a full OS or something more appliance-focused like pfSense. I ran an older one for years without issues.

Re:

[ArchieBunker]

I tried OpenWRT on a cheap TP-LINK wifi router. While the feature set was impressive, it could barely manage 1/3 the throughput of the stock firmware.

Re:Time for OpenWRT?

[Jonathan P. Bennett]

I tried OpenWRT on a cheap TP-LINK wifi router. While the feature set was impressive, it could barely manage 1/3 the throughput of the stock firmware.

This is absolutely accurate. The reason is that the stock firmware enables hardware accelerated NAT in the switch chip. This isn't yet supported in the Linux kernel, so no support in Openwrt.

Re:

[Major Blud]

I've sorta seen the the same thing. I've been using DD-WRT on Linksys access points for years. I don't use them for my router, I have a pfSense box for that.....the Linksys is strictly for wifi. I recently upgraded from a Linksys E3000 to a WRT1200AC so that I could upgrade from 802.11N to AC. The first thing I did was install DD-WRT on it.

The thing would have a hard-crash about half-way through streaming a 2-hour Netflix movie. I didn't have these problems with the E3000, so my first thought was that

Re:

[radarskiy]

"the problem is in the firmware"
OpenWRT firmware contains a Linux kernel.

Re:

[Jamu]

I bought a cheap Intel Celeron N3150 that came with dual NICs, and installed pfSense on it. Best router I've ever had. Although the modem plugged into it is Netgear...

Re:

[youngone]

I have a similar setup, pfSense on a cheap, older PC, with the ISP router in bridge mode in front of it (I have a VDSL connection).

The major downside is that I can't resist playing, and seem to have borked DNS.

Re:

[Jamu]

I've managed to bork mine too, but this was before I discovered "Backup & Restore" under "Diagnostics".

Re:

[TheRaven64]

An old PC is probably not worth it, if you're keeping it powered all of the time. A PC-Engines APU2 board will use 6-10W and cost around $100. An old PC will use 50-100W and cost $0. Power costs a little over 1$/W/year, so after one to two years you've paid more in power for the old PC than the TCO for the newer board.

With what features enabled in both firmwares?

[Anonymous Coward]

It is possible that 1/3 throughput number is due to differences in the packet filtering framework in use and the default filtering being done.

I personally moved to OpenWRT just to make sure my router was filtering packets properly and being able to configure multiple vlans in the switch chip. As a 100 megabit router running a ~300 mhz cpu, it is getting full line speed over the WAN port (20-30 megabit) even with a dozen or so rules in place.

Having said that: Were you attempting to use WIFI on the router at

Re:

[Nemyst]

The R7000 (which I own) supports DD-WRT very well, so it's just a matter of installing that.

Re:

[Z00L00K]

And it may have been utilized by malware for a long time before that.

The end of Netgear?

[Futurepower(R)]

I sent this to Netgear management, trying to be helpful. There was no answer:

The end of Netgear? Negative reviews about Netgear products act as powerful negative advertising. When people want to buy computer hardware, they read the reviews on Amazon and Newegg. A large percentage of the reviews of Netgear routers are extremely negative.

Below are links to extremely negative reviews: 1) 14 extremely negative Amazon reviews and 2) 11 Netgear Forum requests for help that were ignored.

The negative reviews reflect 3 very serious issues:

1) Netgear does not publish sufficient information about how to configure its equipment, so many customers have severe difficulties.

2) Netgear's equipment is, in some ways, badly designed. Users with experience with other manufacturers don't imagine that the electronic design of Netgear products makes the products so complicated to configure.

3) Customers who post problems on the Netgear Forum often receive no help.

Solutions

There is an easy, quick solution: Netgear must communicate clearly. There is a long-term solution: Netgear needs to hire electronics engineers and programmers who eliminate the design problems.

Benefits

Sales will be much easier if Netgear becomes better at communicating. Anyone holding Netgear stock will benefit from improvements in ease of configuration of Netgear products. Netgear will be easier to manage if there is better coordination.

I spent many hours trying to configure our Netgear routers. Eventually I found a review on Amazon that told how to correct the problem. I was trying to configure 4 FVS336Gv2 routers. (We own 8.) They worked very well for a few hours, and then dropped connections.

I've discovered there are many other people with the same problem. I posted 2 messages on the Netgear Forum and received no reply. My experience with older Netgear routers is that they have configuration issues also, but are easier to configure than the newer routers.

I'm an electronics design engineer and programmer. This article is a volunteer effort to try to get Netgear to improve communication with customers, so that my company will not need to change our operations to use hardware from another manufacturer.

One example of poor communication: Customers are not told of the unusual methods necessary to make Netgear equipment work. See this example from an Amazon review:

Be advised, Netgear Tech Support STRONGLY recommends doing a factory reset both before AND after upgrading to new firmware. ... IMHO, some of the complainers either didn't reset before and after or didn't correctly upgrade their firmware.

That indicates that there is no internal mechanism to prevent faulty installation of firmware.

The instructions that come with the firmware say nothing about resetting before and after.

Customers imply that Netgear makes configuration difficult so that Netgear can charge for help. Configuration help is free for 90 days. After that Netgear charges for help. Making configuration difficult and not intuitive apparently, judging from what customers say, is a way of making more money.

Other ideas from customer reviews:

1) The plug-in power supplies sometimes don't provide enough power.

2) Some Netgear routers require 4 minutes to re-start after the power is off.

3) Some Netgear routers must be turned off for at least 2 minutes before re-starting. (That indicates that the design lacks a resistor to drain the power supply capacitor quickly after the router is unplugged.)

4) Question: How long must the "Factory Defaults" switch be pressed before the return to factory co

Re:

[eclectro]

This has been going on for decades. What they will do is string a customer along until they EOL the hardware so they do not have to fix the firmware problem anymore and move on to making the next piece of crap. Really people, there is ZERO reason you should be buying anything with the Netgear name new *or* used. An attorney general somewhere needs to make an example of them.

Other suppliers of VPN routers: Any suggestions?

[Futurepower(R)]

(In the grandparent comment, I forgot to say that I sent that information to Netgear management in January 2016, less than a year ago.)

I researched other suppliers of VPN routers. They didn't seem better.

Any suggestions?

Thanks.

[Futurepower(R)]

Thanks. Having a look at Asus VPN routers now.

Re:

[wbr1]

I concur. I have recommended Netgear to friends and residential customers for a while. No more. I own an R7000 that suffered from a terrible time after a bad firmware upgrade. Forum support was terrible with better responses coming from outside techs than Netgear. Now this.

I will not be recommending them anymore, and I will let them know why.

Interesting timing ...

[King_TJ]

I was just complaining in a message thread on Facebook earlier today about Netgear product issues. (Netgear had some corporate shill trying to talk up their product line on there, and promptly got a slew of negative comments about support issues and hardware problems with their products. I had to chime in with my bad experience of a whole group of ProSafe smart switches that failed shortly outside the warranty period, thanks to defective power adapters included with them. Netgear wanted to charge more for a

OR Try This

[rotorbudd]

Asuswrt-Merlin on Netgear R7000 I've been using this for several months. http://www.linksysinfo.org/ind... [linksysinfo.org] Just about everything that's on the ASUS routers runs on the Netgear.

Re:

[fedux]

Asuswrt-Merlin (or XWRT or Cross-WRT) is *CLOSED SOURCE*. It's a port to the R7000 based on the open source from RMerlin, but the author of the port is refusing to provide the sources. I've contacted him and almost got him to release the source, but he later changed his mind and he's refusing to do it. That is clearly a GPL violation and even if I've asked him for the reasons to refuse to release the source code he didn't say.

Anyone have any more info?

[Solandri]

There are a helluva lot more than 8000 Netgear routers on the Internet, which implies the vulnerability requires you to enable remote (WLAN) admin access on the router for it to be exploited externally. But neither link clarifies if this is the case.

You'd still vulnerable from the LAN side, particularly if someone using your Internet clicks a link with the default IP address of the router coded into the URL. But the first thing I do when I get a new router is change the default IP address precisely to prevent this sort of thing, and to avoid complications from subnet address collisions when setting up VPNs. Usually something in then 10.x.x.x block [wikipedia.org].

Re:

[WD]

It's remotely exploitable with no user interaction if the web admin stuff is exposed to the internet. If the remote web admin is not enabled, then it's exploitable as the result of a user on the network viewing a malicious or compromised website.

Changing the IP address or subnet of your router will only stop the laziest/inept of attackers.

Re: Anyone have any more info?

[Anonymous Coward]

Ha ha, they'll never get me, mine's on 172.16.x.1.

Re:

[Zmobie]

Could be .250 for the last octet... Mine is actually neither, but I have a custom setup thats not exactly standard.

Solution: install open source firmware

[wwalker]

There is absolutely no reason to keep using the stock firmware (other than laziness), and many reasons not to (see this story). If you don't know where to start: https://www.dd-wrt.com/wiki/in... [dd-wrt.com]

Re:

[bigbang137]

Does it support all the bells and whistles of the Netgear firmware? Or at least the ones having to do with wifi configuration? Is it at least just as stable with a large number of high-bandwidth clients? Is 802.11ac supported well?

Re:

[Zmobie]

DD-WRT actually has much better feature support than the stock firmware for most of the Netgear line. Their menu's are way easier to navigate too... Mine is very stable (been running for over a year on it) and from the research I've done anything in the R6000 and R7000 line is this way, and they absolutely support ac very well (dual bandwidth on mine, and newer versions actually support directional focusing if the hardware can handle it.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Highdude702]

If you can't afford a decent router from a decent company - then rent one from your ISP. At least then security and support issues will be your ISP's problem.

The problem is most ISP's don't give a fuck if you get hacked and they hand you some Netgear AIO modem/router thats garbage to start with and you cant even flash it because AIO devices aren't supported by ANY of the OSS firmware options. If your'e a consumer concerned with safety of your internet devices and don't have the knowledge/skill to find and flash a compatible router, than buy Buffalo Routers. Most of their routers come Pre-Installed with DD-WRT and yes they have a modified version but you can easi

Thankfully mine isn't vulnerable

[jonwil]

I have a Netgear DGN2200M and the exploit (as described in the article) doesn't work on my router thankfully.

http://<router_IP>/cgi-bin/;COMMAND

[Anonymous Coward]

Are you fucking kidding me?

My R7800 with firmware V1.0.2.12

[waspleg]

Is not effected. The CERT link is kind of crap but they have reference links at the bottom which have more meat including a PoF you can do easily (http://RouterIP/;telnetd$IFS-p$IFS'45' is supposed to open telnet on port 45).

FTFA references [exploit-db.com]

Re:

[Anonymous Coward]

You have to add /cgi-bin

http://RouterIP/cgi-bin/;telnetd$IFS-p$IFS'45'

Re:

[Anonymous Coward]

The PoC code is incorrect. Add /cgi-bin to the URL like in the example 2 lines above in description of vulnerability and it will most probably work. My R7000 with latest V1.0.7.2_1.1.93 is vulnerable. And yes, I'm not logged in already to the router website. The cgi-bin URL simply doesn't check for http auth.

Re:

[waspleg]

Thanks, I tested it again as you say and still got connection refused.

R8000

[paul.lavoie]

My R8000 running V1.0.3.4_1.1.2 (latest available) is vulnerable from the inside. However my inside network does not use the 192.x.x.x address space so good luck figuring out my inside interface IP.

Re:

[WD]

That's what WebRTC is for. After determine your computer's internal address, it's pretty trivial to guess (or bruteforce) your router's address.

Re:

[Anonymous Coward]

If I'm on your inside network, all I have to do is look at my gateway your router just gave me. How hard is that?

Re:

[b0bby]

My R8000 running V1.0.3.4_1.1.2 (latest available) is vulnerable from the inside. However my inside network does not use the 192.x.x.x address space so good luck figuring out my inside interface IP.

You don't need to bother trying to figure it out - as I posted above, on my R6400 there's a magic address which the router will grab and use for its interface. So all the malicious code needs is to try http://routerlogin.net/ [routerlogin.net] - if you're using one of the Netgears, that's the admin interface.

hardware vendors - your security isn't our concern

[Idisagree]

It damn well should be!

There needs to be a policing/standards body for ensuring secure hardware &software platforms/interfaces.

Basically testing for security compliance of any product that can communicate over a network.

I'll put it on my Santa wish list

Let Netgear management know

[bigbang137]

I encourage everyone to let Netgear management know what a great job they're doing: https://www.netgear.com/about/... [netgear.com] AFIK, their email address format is typically Firstname.Lastname@netgear.com.

I think we need government bricking

[BlueCoder]

I think a new law is needed making it legal for the government to hack devices/computers for the purposes of disabling them.

Furthermore internet enabled devices might necessitate an FCC mandated kill switch. I can see it using both a push and pull mechanism. Push where the devices are directly connected to the internet and pull from behind a firewall where the devices must periodically check an FCC site to see if it should disable itself in as graceful as way possible such as maybe disabling network connect

Re:

[Doctor_Jest]

Yeah, that'll work. It'll never be abused. :)

I'd rather not give the government the legal authority to remotely screw me over for "internet safety" or some such nonsense.

You get what you pay for

[DogDude]

Netgear is the McDonald's of routers. Personally, I only use Draytek [draytekusa.com] routers. Have had great success with them where Netgear, Linksys, D-Link, and Cisco have all failed miserably.

Netgear Issue page for CVE-2016-582384

[virtigex]

Netgear's ongoing response to this issue is at http://kb.netgear.com/00003638... [netgear.com]

Re:

[virtigex]

Also, you probably should not leave yourself logged into the router. I get a '401 unauthorized' when trying the exploit.

I use https all the time

[CodeC7]

Why should I worry?

Netgear firmware problem.

[Rufty]

I had a problem with a Netgear router not being able to remember DHCP to MAC assignments. This was a problem in the version of dnsmasq baked into the firmware, but that had been fixed in the current version of dnsmasq. So I called up technical support to ask if there was a later version of the firmware, or source code I could rebuild from. After about 40minutes of going through a completely useless script. ("No I won't click the start button, Debian doesn't have one, you insensitive clod.") I gave up and eB

Netgear just issued a fix via beta firmware

[djxl]

Netgear published on 12/13/2016 a beta firmware which claims to address the issue (haven't tested). As of this moment, the router will not, by default, prompt installation of beta firmware. http://kb.netgear.com/00003645... [netgear.com]

Re:I've got an R8000

[AvitarX]

Just go "enterprise", I got one of these https://www.ubnt.com/unifi/uni... [ubnt.com] with one of these https://www.ubnt.com/edgemax/e... [ubnt.com] for $150 or so total, it really lights up my whole house, doesn't have lots of network names for different wireless frequencies, easily isolated guest network, super long range, and if I really wanted, I could add an outdoor one and light up my backyard too.

It wasn't perfect (you need a computer with some weird java app to seup and update the setup), but overall, I'm very happy with my results, and it didn't cost me much extra over a mid-range router ($150 vs $75).

Re:

[FictionPimp]

I'd love to do that, only the ERL and ERL-X can't handle my 1gbps internet connection. They seem to top out in the 6-700 hundred range and the netgear router my ISP provided me can hit 860's.

Re:

[AvitarX]

Good to know.

I wonder if I'll ever get access to that speed (honestly, it seems unlikely, it's taken 3 years to get 15-25 mbps), hopefully by the time I do it will be only $50 for a router that can handle it though.

If you have any WiFi coverage problems, I'd still highly recommend a Unifi or two.

Re:

[FictionPimp]

Totally, I use 3 Unifi AC access points currently.

1 on the first floor
1 on the second floor
1 in the garage faced out to the back yard so the deck gets wifi.

I also use their cloud controller, it all works rather well.

Re:

[AvitarX]

Is the close controller the thing the call the "cloud key "?

What exactly does that do? The website is not very clear to me

Re:

[FictionPimp]

Basically it runs the Unifi controller on a tiny PoE device. The reason they call it 'cloud' is because they have a portal site you can use to access it anywhere in the world (if you enable it). But basically just a simple way to run the unifi controller.

Re:

[AvitarX]

Rather than on a computer, so it's always there basically?

Re:

[FictionPimp]

You got it.

Re:

[b0bby]

I can vouch for the AP-AC-LR - I'm using one with my old router (way down in the basement) and it's really improved the wifi situation. It this case I pretty much just told it the SSID & password of the existing router and that was it.

Re:

[AvitarX]

Yeah, that set-up is easy peasy phone app.

I had to install their app on a computer, and I think I need the same computer to update setting for anything past that.

I have 3 vlans, one for a VPN, one for normal use, and one unencrypted for guest access (simply so they don't need to ask the password), and I assume neighbor access too.

The very basic setup, one access point, one SSID can be done from a phone.

Tomato, dd-wrt

[raymorris]

> I don't know of any reliable alternatives to run as firmware.

It looks like Tomato supports your router, as does dd-wrt.

https://www.myopenrouter.com/b... [myopenrouter.com]

https://www.myopenrouter.com/d... [myopenrouter.com]

> As far as other brands, I dislike Linksys, especially since the Cisco and Belkin days. The quality is simply not there anymore. Anyone have a good recommendation?

Further up this page someone posted a link to recent routers recommended for Tomato.

The reason I have Cisco and Juniper firewalls

[raymorris]

I have a stack of Cisco and Juniper firewalls and routers, ASAs and ISRs. The reason I have them hooked up right now is I'm writing scripts to detect and exploit (at POC level) various vulnerabilities in them.

Some of the vulnerabilities have fixes available, some don't. There are reasons to spend a hundred times as much on a Cisco, but security isn't a very strong reason, compared to OpenWRT. I actually trust OpenWRT more than I trust my Cisco ASA, based on my twenty years of experience.

Lots of questions

[raymorris]

> You a pentester or writing a pentesting kit??

I write vulnerability assessment tools. It's a broader more than pentesting proper because we also find weaknesses that aren't strictly part of pentesting.

> You actually finding new gaps or just learning how to exploit known issues?

Mostly we're assessing issues that are known to some degree, sometimes we find undocumented weaknesses, sometimes we assess the impact of newly discovered vulnerabilities, and how potential mitigating or aggravating factors aff

Re:

[asvravi]

After trying all of the consumer routers and even Ubiquity Unifi, I finally settled on RouterBoard [routerboard.com]. Better performance/price ratio compared to even Ubiquity, with fine grained control over how it operates. Can be setup with a desktop application or a direct web interface. Rock solid setup and operation. This one is basically a wireless router, so it can be configured as your main router. But at just about $120, it is inexpensive enough to be configured and used for additional wireless access points spread a

Re:

[sumdumass]

This isn't a java/javascriipt or browser exploit.

It works by being able to send commands directly to the router as part of a url request. The router's web interface will process it unauthenticated as root.

I'm not sure how the malicious website would exploit it outside of presenting a link for you to click on as my understanding of web programing is limited to basic html and I need a cheat sheet at that. But it appears that this is within the web server inside the router so killing it off would negate the is

Re:

[wagnerrp]

You present the malicious URL as an or some other type that gets automatically loaded with the page. The user does not have to click anything, or even have javascript enabled.

Re:

[b0bby]

I have the R6400 - there's some magic address (like mynetgearrouter.net or something) which the router will use for itself so you don't need to know the ip address. If you can get dhcp and type that in, you can start to configure it. Makes a lot of sense really if you're trying to make things easy for the masses.

Re:

[agristin]

1.0.5.48_1.1.79 is vulnerable. As I had one laying around, plugged it in and it would execute code when I shot it the url.

Updated to V1.0.7.2_1.1.93 also vulnerable.

http://router-address/cgi-bin/... [router-address]'

Kills the httpd demon and doesn't allow remote execution (or web management) until rebooted, where router-adress is the netgear. That is work around enough.

Re:

[LVSlushdat]

DDWRT-I still have a WRT54GL in use as wireless bridge. I have several machines in the living room that don't do wifi, and I didn't want to run Cat5/6 out there so I set my old faithful WRT54GL up as a wireless bridge.. Works peachy..