Does the new Netgear vulnerability affect dd-wrt?

jonnycat
DD-WRT Novice


Joined: 01 Dec 2013
Posts: 4

Posted: Mon Jan 02, 2023 18:08    Post subject: Does the new Netgear vulnerability affect dd-wrt?
Does anyone know if the recent pre-authentication buffer overflow security vulnerability announced by Netgear affects routers using dd-wrt?
PaulGo
DD-WRT User


Joined: 01 Dec 2021
Posts: 289
Location: Maryland, United States

Posted: Mon Jan 02, 2023 18:21
For my R7000P the Netgear firmware that was patched came out over seven months ago, and Netgear in October 2022 released another firmware update that resolved additional security issues. For resolving security issues, DD-WRT corrects issues much sooner than Netgear.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Fri Jan 06, 2023 2:46
The thing that you are missing is that DD-WRT is different firmware, i.e. the code is different, so the bugs will be different... it would only be if the packages used contain the same flaw, i.e. both using the same ssh libraries or something to that effect
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Fri Jan 06, 2023 18:41
Netgear is not disclosing enough details (as usual). No idea what was the offending code or what was patched.

Quote:
Associated CVE IDs: None

First published: 12/28/2022

NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability on the following product models:

You could spend all day chasing down 2- and 3-year-old CVEs related to "pre-authentication buffer overflow security vulnerability" alone, then examine affected packages and code that may or may not be included in DD-WRT... seems people lack depth of research but are quick to Chicken Little things.

jonnycat
DD-WRT Novice


Joined: 01 Dec 2013
Posts: 4

Posted: Mon Jan 09, 2023 17:49
Wildlion wrote:
The thing that you are missing is that DD-WRT is different firmware, i.e. the code is different, so the bugs will be different... it would only be if the packages used contain the same flaw, i.e. both using the same ssh libraries or something to that effect


Thanks Wildlion, I was hoping that was the likely case in this situation.
All times are GMT
