Joined: 01 Dec 2021 Posts: 289 Location: Maryland, United States
Posted: Mon Jan 02, 2023 18:21 Post subject:
For my R7000P the Netgear firmware that was patched came out over seven months ago, and Netgear in October 2022 released another firmware update that resolved additional security issues. For resolving security issues, DD-WRT corrects issues much sooner than Netgear.
The thing that you are missing is that DD-WRT is different firmware, i.e. the code is different, so the bugs will be different... it would only be if the packages used contain the same flaw, i.e. both using same ssh libraries or something to that effect
Netgear is not disclosing enough details (as usual). No idea what was the offending code or what was patched.
Quote:
Associated CVE IDs: None
First published: 12/28/2022
NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability on the following product models:
You could spend all day chasing down 2- and 3-year-old CVEs related to "pre-authentication buffer overflow security vulnerability" alone, then examine affected packages and code that may or may not be included in DD-WRT... seems people lack depth of research but are quick to Chicken Little things.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
The thing that you are missing is that DD-WRT is different firmware, i.e. the code is different, so the bugs will be different... it would only be if the packages used contain the same flaw, i.e. both using same ssh libraries or something to that effect
Thanks Wildlion, I was hoping that was the likely case in this situation.