XR700 Certificate disclosure vulnerability

Guest Killhippie

Associated CVE IDs: None

NETGEAR is aware of a Transport Layer Security (TLS) certificate private key disclosure vulnerability on the following product models:

  • R8900
  • R9000
  • RAX120
  • XR700*

These products use Certificate Authority-signed certificates to provide secure HTTPS access to the router web interface. You might see a security certificate error or warning when you try to access your router’s web interface using HTTPS.

NETGEAR plans to release firmware hotfixes for all affected products as soon as possible.

Until a firmware fix is available for your product, NETGEAR recommends that you:

  • Use the NETGEAR Nighthawk app.
  • Instead of using HTTPS, log in to your router’s web browser interface using HTTP to login in

https://kb.netgear.com/000061582/Security-Advisory-for-Signed-TLS-Certificate-Private-Key-Disclosure-on-Some-Routers-PSV-2020-0105

2 hours ago, Killhippie said:

Should this not be up as the new firmware for XR700 in the firmware info board? 1.0.1.24 is the latest firmware with a security fix for the rather idiotic certificate issue that caused most browsers to block the previously leaked one.

I did think that was a bit strange, I can only assume they don't want hot fixes in the official download section.

Guest Killhippie
8 minutes ago, Netduma Fraser said:

I did think that was a bit strange, I can only assume they don't want hot fixes in the official download section.

What is odd is the RAX120 Hotfix is in the main download area, https://www.netgear.com/support/product/RAX120.aspx#download, whereas the XR700 isn't, as you say: https://www.netgear.com/support/product/XR700.aspx#download

Maybe worth linking to it for up for people as it won't auto update to it, another weird thing that Hotfixes don't do, Fraser. The oddities of Netgear hey. :)

4 minutes ago, Killhippie said:

What is odd is the RAX120 Hotfix is in the main download area... Maybe worth putting it for people as it won't auto update to it, another weird thing that Hotfixes don't do, Fraser. :)

No worries, I've asked them to do this!


I was one of the beta testers of the XR700, so I have been through several firmwares; each has its bugs. The hotfix 1.0.1.24 seems to have problems with allowing access to ReadyShare files. I unfortunately had to go back to 1.0.1.20. If that small bug was fixed I would have stayed on that firmware; it actually seemed to fix the dashboard and a couple of other UI issues.
