Yesterday, I was going to watch the live stream of Security Now on TWiT TV using YouTube. When I heard about the update for the Netgear router, Steve Gibson said that anyone with a Netgear router should update their router in order to address a critical vulnerability, so I did. The Netgear app told me there was an error updating the router and asked me to try again. I began troubleshooting and I went into the list of Wi-Fi networks on my smartphone. I saw that the router was not able to provide Internet connectivity, so I tried to log into the Wi-Fi network again. Then, I went back into the Nighthawk app, updated again, and now the Nighthawk app failed to connect to my family’s network.
I went over to my family’s router and I saw that the power LED had started blinking about every 1 second. The amber light stayed lit for only a tenth of a second or less. Sometimes the light blinks just a little faster. I tried unplugging the power cord, holding down the reset button for 30 seconds, and plugging it back in while holding down the reset button for another 30 seconds, and once I plugged it back in, the power and Ethernet lights started blinking alternately, each light staying on for half a second. Even after 30 seconds had passed and I released the reset button, the lights kept alternating and it seems like the router does not restore back to the original factory settings. I mean, it does nothing after I let go of the reset button after 30 seconds.
So, regardless of whether the power/Ethernet lights alternate or the power light flashes, I did some research and I found out that I can make use of a TFTP server and push the R6120 firmware image to the router. I brought my laptop over to my family’s computer room/home office, plugged the Ethernet cable into any of the four LAN ports, and configured my laptop to use 192.168.1.10/24. The ping to 192.168.1.1 was unsuccessful, so I am out of luck.
So, I took the liberty of getting my mom’s wireless back up and running using a Comtrend router as a backup. The Comtrend router has DSL built-in, so my mom’s Netgear connects to the Comtrend DSL router. I also connected my home server to my mom’s Comtrend router by means of a powerline adapter. My home server runs pfSense inside a virtual machine and Debian as a bare-metal host, so my network is separate from my family’s network. Yes, this creates a double-NAT; however, we have had no problems with this kind of setup so far.
It’s not like I went to Netgear’s website, downloaded the wrong image, and then bricked the router in the process! No! I updated right from the Netgear Nighthawk app that connects to the router without any problems and I bricked my family’s router by performing an update. I mean, why? Why must an update from Netgear’s server brick my family’s router in the process?
In any case, even though I expect to take the blame for what I’ve done to my mom’s router, I have taken the liberty of writing a letter explaining to my family what happened during my birthday afternoon (11/23). I had my family buy a wireless router a couple of months ago (probably earlier than summer). The reason why is so my family does not have to reconfigure the wireless devices again when Consolidated Communications replaces the Comtrend router with the same DSL router but with a different SSID and password. For example, when my family decided to upgrade to 25Mbps from 7Mbps, Consolidated Communications sent my family a new router and I had to reconfigure the wireless router with the same SSID and password; hence, why I got my family to buy a Netgear router so my family does not have to deal with changing wireless network settings in the first place.
So, in the future, in order to prevent bricking my family’s router again, I have decided not to keep my family’s router up-to-date. Yes, this will bring in more critical vulnerabilities into my family’s network if a malicious JavaScript decides to perform any exploits against the router, but at least what I can do is educate my family regarding the dangers of vulnerabilities. I’m the head of an IT department for my family and educating is all I can do from now on. Yes, I’ll take full responsibility for not updating my family’s router, but what can I do!? I’ve got to keep my family’s network and their devices safe.
Once again, I still cannot understand how performing an update can brick my family’s router. It should be painless, but it’s not.
This is the Security Now episode that I am referring to regarding the Netgear router.