Our supplier has identified a potential issue with a fibre bearer which holds some backup links to our Huntingdon Data Centre. They are making a config change to correct this overnight.
As these are backup links it should not have a significant impact but there is some chance of packet loss as the link drops / returns as the network re-converges.
We will update this post as the work progresses
Good morning.
Whilst we don’t supply Netgear routers, we know that a number of our customers use them, so wanted to ensure you were aware of potential vulnerabilities that need to be addressed via a firmware update.
The list of (so far) affected models is below. You or your IT specialist should ensure that you update as soon as possible to mitigate any risks.
List of NETGEAR Routers At Risk
DGN2200v4
R6100
R6220
R6250
R6300v2
R6400
R6400v2
R6700
R6900
R6900P
R7000
R7000P
R7100LG
R7300DST
R7500
R7500v2
R7800
D7800
R7900
R8000
R8300
R8500
D8500
WNDR3400v3
WNDR4500v2
EX6200v2
The Five Vulnerabilities
TWSL2018-002: Password Recovery and File Access
Some routers allow arbitrary file reading from the device provided that the path to file is known. Total of 17 products are affected.
TWSL2018-003: Finding 1: Post-Authentication Command Injection
This one affects six products and reflects a root level OS command execution via the device_name parameter on the lan.cgi page, although the attack requires authentication.
TWSL2018-003: Finding 2: Authentication Bypass
This also affects large set of products (17) and is trivial to exploit. Authentication is bypassed if “&genie=1” is found within the query string.
TWSL2018-003: Chained Attack: Command Injection
This is a three-stage attack leveraging three separate issues: CSRF token recovery vulnerability and the two findings in TWSL2018-003. As a result, any user connected to the router can run OS commands as root on the device without providing any credentials.
TWSL2018-004: Command Injection Vulnerability on D7000, EX6200v2 and Some Routers
Only 6 products are affected, this allows to run OS commands as root during short time window when WPS is activated.
Further to the outage yesterday and the corrective work by the carrier we will attempt to bring the link that failed back into service this evening. If all works to plan there may be a brief network disruption while the network reconverges. If the link fails again we will remove it from the network and continue work with our supplier.
The link was brought on line approx 12:30am this morning – However the previous issue re-occurred. This has been raised to the supplier who believe this is resolved this correctly now, We will plan a further maintenance shortly to bring the link back into service. In the mean time there is no reduction to service – but there is a slight reduction in resilience to our Manchester PoP
RESOLVED: 13:14pm
We are not aware of any ongoing issues now and believe that the cause of this problem has been identified and remedial action taken. Once again, apologies to anyone affected this morning.
UPDATE:
We have removed one of the backhaul lines from our network as this appears to be causing routing issues; we are seeing the majority of the affected lines coming back to their normal latency and response times.
We will continue to update here and apologise again for this affecting you at the start of the working week.
We are aware of an as yet unidentified issue affecting large numbers of our circuits leading to slow-downs, poor quality links and high latency. We are working on this now and will update here as soon as we have more information to share. We apologise that this is affecting you on a Monday morning.