Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

New Poster

This posting is in regard to the Netgear C6300 (AC1750) combination cable modem and router:

 

https://www.netgear.com/support/product/C6300

 

This is my own personal equipment on Comcast's network.

 

It was recently discovered that there are some vulnerabilities in the firmware/software on this device (version 2.01.14).

 

Since this is a cable modem device (in addition to a router), I have been told that the firmware update is meant to come from the ISP (Comcast/Xfinity) via DOCSIS:

 

https://community.netgear.com/t5/Cable-Modems-Routers/firmware-update-c6300-ac1750/td-p/1059268

 

My firmware version is: V2.01.14 and is not the latest version available.  Furthermore, there are known exploits against this firmware version, per these articles:

 

https://it.slashdot.org/story/17/01/31/1425259/netgear-exploit-found-in-31-models-lets-hackers-turn-...

https://thenextweb.com/gadgets/2017/01/31/netgear-vulnerability-router-bypass/

https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassing-Authentication-on-NETGE...

http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability?cid=wmt_ne...

 

The last link (the one on netgear.com) mentions the following:

 

NETGEAR has also released firmware that fixes the web password recovery vulnerability for the following cable modem router:

  • C6300

For cable products like the C6300, new firmware is released by your Internet service provider after NETGEAR releases it to them. The firmware fix for the C6300, firmware version 2.01.18, has been released to all service providers.

 

 

My question for Comcast/Xfinity is:  When will your network be rolling out the firmware updates to 2.01.18 for my type of device, and how soon can I initiate this process?  What actions are required on my end?

 

Thank you.

 

Diamond Problem Solver

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

Concern / question moved here from home networking for greater exposure / escalation to actual Comcast employees for an answer.

Admin1

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

Hi rantk81 -- You are correct that firmware updates are provided by your ISP. We push these updates to modems as we get them from the manufacturer. The newest firmware update would have been pushed out per its release. Firmware updates can be held up if there are poor or out of spec signal issues present on your account. Your account health does show a poor level that could be preventing your modem from receiving this update. It is recommended to have a tech come correct this issue in order to allow your modem to receive this update. I can schedule one for you and would need to know days/times that work best for you. 

New Poster

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

I also have the same Netgear C6300 Modem/Router with firmware version v2.01.14. According to Netgear, the newer, secure version is v2.01.18. My router still shows that I have the older version of firmware. I have had the router since June of last year. I pay for 25 Mbps. I called Comcast on Friday trying to inquire about the firmware upgrade. Eventually I was transferred to level 3 tech support. After being on hold for what seemed like a long time, I was disconnected. Is there a problem with my account as well, that would prevent my modem from updating? Thank you for your help.

Admin1

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

Jacoby365 -- I reviewed your account; however, I'm not seeing anything out of the ordinary. Given your modem did a recent reset, it may not be showing all accurate information yet.

New Poster

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered


ComcastZach wrote:

Hi rantk81 -- You are correct that firmware updates are provided by your ISP. We push these updates to modems as we get them from the manufacturer. The newest firmware update would have been pushed out per its release. Firmware updates can be held up if there are poor or out of spec signal issues present on your account. Your account health does show a poor level that could be preventing your modem from receiving this update. It is recommended to have a tech come correct this issue in order to allow your modem to receive this update. I can schedule one for you and would need to know days/times that work best for you. 




@ComcastZach - Thank you for your reply.  I have some followup:

 

1. Can you confirm whether or not Comcast has rolled out the x.x.18 version of the Netgear firmware in my region?

 

2. If the version was rolled out, will my modem automatically pick it up at some point? Or was it a "one-time-thing" that my modem perhaps "missed the window of opportunity for update" due to temporary "account health" issues?

 

3. If the update was a one-time-thing, is there a way I can request that the update be tried again?

 

4. Attached are screenshots that show the power levels and signal-to-noise ratios for my modem. They look excellent to me. Can you elaborate on why you think there is something wrong with my "account health"?

 

Thank you.

 

 

 

 

New Poster

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

Update: I just refreshed my router's web interface JUST NOW, and it is showing V2.01.18 right now.  Wow, that was a fast response, or a very big coincidence!

 

Thank you! :)

 

 

Admin1

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

rantk81 -- Yes, V2.01.18 has rolled out. I've confirmed what you are seeing that your modem does have this firmware loaded. Your modem would automatically pick this up. 

 

The report I'm getting back from your account health shows this: 

While all your other levels show in Green, this one shows in Red indicating there is an issue present. 

 

Regular Visitor

Re: Netgear C6300 Modem/Router Combo Firmware Update Required - Remote Exploit Discovered

Hello 

 

I have the same issue with my modem router, which is a NETGEAR C6300. I am using this modem as brand new, but the firmware is still at version V1.05.05 and has not been updated. Based on some forum updates, I power cycled it, but no luck. Can you please help to push the latest firmware?