Full Disclosure mailing list archives

By Date By Thread Re: Netgear GS105Ev2 - Multiple Vulnerabilities From: Nick Boyce <nick.boyce () gmail com>

Date: Fri, 4 Mar 2016 16:21:57 +0000

On 8 February 2016 at 21:23, I wrote: On 27 January 2016 at 15:56, Benedikt Westermann <benedikt.westermann () i-sec tuv com> wrote: # Multiple Vulnerabilities - Netgear GS105Ev2 [...] Firmware version: 1.3.0.3,1.4.0.2 [...] Status: unfixed The Netgear website [1] shows that a new version of the firmware was released 2 days after your FD post - version 1.4.0.6. The release notes [2] for the new version don't refer to these security issues in any way (instead they mention three fairly minor-sounding bugs fixed). Have you had a chance to test the new version yet, and if so can you say whether - despite Netgear's stated stance of WONTFIX - any of the security issues you report here are fixed by it ? JFTR, on 10th.Feb Benedikt replied to me off-list as follows: thank you for the info. I just checked it, nothing changed. All exploits still work like charm on 1.4.0.6 :-( Thanks Benedikt. Now that end hosts have been thoroughly analysed by vendors and researchers alike, perhaps networking equipment is the new frontier (cf: operating systems vs applications). The dire state of the quality of the software embedded in comms hardware, for both home and business use, is emerging from the fog to become the elephant in the room. We seem to be caught between the rock of sheer incompetence and the hard place of possible government agency influence (Juniper ...). I wonder whether Netgear will be next (after Asus) to be slapped by the US Federal Trade Commission for foisting badly conceived and implemented CPE products on hapless and unsuspecting consumers .... http://www.theregister.co.uk/2016/02/23/asus_router_flaws_settlement/ Cheers, Nick Boyce _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: Re: Netgear GS105Ev2 - Multiple Vulnerabilities Nick Boyce (Mar 04) <Possible follow-ups> Re: Netgear GS105Ev2 - Multiple Vulnerabilities Benedikt Westermann (Mar 09)

Nick Boyce (Mar 04)