Guest Killhippie Posted January 22, 2020

Associated CVE IDs: None

NETGEAR is aware of a Transport Layer Security (TLS) certificate private key disclosure vulnerability on the following product models:

R8900
R9000
RAX120
XR700*

These products use Certificate Authority-signed certificates to provide secure HTTPS access to the router web interface. You might see a security certificate error or warning when you try to access your router’s web interface using HTTPS.

NETGEAR plans to release firmware hotfixes for all affected products as soon as possible. Until a firmware fix is available for your product, NETGEAR recommends that you:

Use the NETGEAR Nighthawk app.
Instead of using HTTPS, log in to your router’s web browser interface using HTTP to login in

https://kb.netgear.com/000061582/Security-Advisory-for-Signed-TLS-Certificate-Private-Key-Disclosure-on-Some-Routers-PSV-2020-0105

Guest Killhippie Posted January 25, 2020

Well, Netgear have patched the R8900 and R9000; nothing about the XR700 or the RAX120 yet, but they will be patched at some point. It turns out they left TLS certificates in plain text in the firmware so anyone could read them...

https://kb.netgear.com/000061582/Security-Advisory-for-Signed-TLS-Certificate-Private-Key-Disclosure-on-Some-Routers-PSV-2020-0105
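
A pre-release check for the problem described in the posts above, a private key readable inside a shipped firmware image, as an added example (not from the advisory, NETGEAR's tooling or any poster). The function names and the sample blobs are constructed for illustration, and the check assumes the key is stored as an uncompressed PEM block.

```python
import base64
import re

# Any PEM block whose label ends in "PRIVATE KEY": RSA, EC, PKCS#8, OpenSSH...
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----(.*?)-----END \1-----",
    re.DOTALL,
)


def find_private_keys(blob: bytes):
    """Return one finding per PEM private-key block in a firmware blob."""
    findings = []
    for m in PEM_KEY.finditer(blob):
        label = m.group(1).decode()
        # PKCS#8 marks encryption in the label; legacy OpenSSL PEM uses a
        # Proc-Type header inside the block.
        encrypted = (label.startswith("ENCRYPTED")
                     or b"Proc-Type: 4,ENCRYPTED" in m.group(2))
        findings.append({"offset": m.start(), "label": label,
                         "encrypted": encrypted})
    return findings


def release_gate(blob: bytes) -> bool:
    """True when the image may ship: no private-key block of any kind.

    Encrypted keys fail too, because the device must also hold the
    passphrase; the flag is reported only to help triage.
    """
    return not find_private_keys(blob)


def constructed_pem(label: str) -> bytes:
    """Build a PEM-shaped block from zero bytes (constructed, not a real key)."""
    filler = base64.encodebytes(bytes(48))
    return (f"-----BEGIN {label}-----\n".encode() + filler
            + f"-----END {label}-----\n".encode())


# Constructed sample images: a certificate alone is fine, a key is not.
SAMPLE_FIXED = b"\x00" * 16 + constructed_pem("CERTIFICATE")
SAMPLE_VULNERABLE = SAMPLE_FIXED + b"\xff" * 8 + constructed_pem("RSA PRIVATE KEY")

if __name__ == "__main__":
    for name, img in (("fixed", SAMPLE_FIXED), ("vulnerable", SAMPLE_VULNERABLE)):
        print(name, release_gate(img), find_private_keys(img))
```
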

UK_Wildcats_Fans Posted February 19, 2020

Beta hot fix

https://kb.netgear.com/000061714/XR700-Firmware-Version-1-0-1-24-Hot-Fix

Guest Killhippie Posted February 22, 2020

On 2/19/2020 at 2:56 AM, UK_Wildcats_Fans said:
    Beta hot fix https://kb.netgear.com/000061714/XR700-Firmware-Version-1-0-1-24-Hot-Fix

Should this not be up as the new firmware for XR700 in the firmware info board? 1.0.1.24 is the latest firmware with a security fix for the rather idiotic certificate issue that caused most browsers to block the previously leaked one.

Administrators Netduma Fraser Posted February 22, 2020

2 hours ago, Killhippie said:
    Should this not be up as the new firmware for XR700 in the firmware info board? 1.0.1.24 is the latest firmware with a security fix for the rather idiotic certificate issue that caused most browsers to block the previously leaked one.

I did think that was a bit strange; I can only assume they don't want hot fixes in the official download section.

Guest Killhippie Posted February 22, 2020

8 minutes ago, Netduma Fraser said:
    I did think that was a bit strange; I can only assume they don't want hot fixes in the official download section.

What is odd is the RAX120 hotfix is in the main download area, https://www.netgear.com/support/product/RAX120.aspx#download, whereas the XR700 isn't, as you say: https://www.netgear.com/support/product/XR700.aspx#download. Maybe worth linking to it for people as it won't auto update to it, another weird thing that hotfixes don't do, Fraser. The oddities of Netgear, hey.

Administrators Netduma Fraser Posted February 22, 2020

4 minutes ago, Killhippie said:
    What is odd is the RAX120 hotfix is in the main download area... Maybe worth putting it for people as it won't auto update to it, another weird thing that hotfixes don't do, Fraser.

No worries, I've asked them to do this!

Xalint1 Posted June 5, 2020

I was one of the beta testers of the XR700, so I have been through several firmwares; each has its bugs. The hotfix 1.0.1.24 seems to have problems with allowing access to ReadyShare files. I unfortunately had to go back to 1.0.1.20. If that small bug was fixed I would have stayed on that firmware; it actually seemed to fix the dashboard and a couple of other UI issues.

This topic is now archived and is closed to further replies.