CERT, a US Federal government agency tasked with cyber-security research, has issued an alert advising consumers to stop using various models of Netgear routers. These devices are subject to a trivially simple command injection exploit. Ars Technica has a nice overview of the matter.
Normally I’d have literally nothing to say about this, since it simply doesn’t impact us. Wanna know why it doesn’t impact us?
We don’t use a consumer router that runs closed source firmware. We don’t think that you should either. In fact, you probably shouldn’t let your friends and family use that junk either.
Perhaps this holiday season, and all of the travelling & visiting that goes along with it, presents an opportunity to help someone unsuspecting secure their home network.
When last we left this story our protagonist had returned the Cisco AP to BUY.COM leaving le maison du Graves without functional wifi for about two weeks. Fortunately I was out of town a lot during that period so it wasn’t much of an inconvenience. If anything it gave me some time to evaluate my options regarding replacement gear.
I’ve noted that, whereas I had a lot of problems with 802.11n-type wifi APs, I’d previously had far fewer issues with 802.11g-type hardware. Very recently I was reminded by someone who should know that 802.11a/b/g is more mature hardware than 802.11n. This certainly rings true, as my very old Linksys WAP-54G ran for literally years with no problems at all.
There are myriad inexpensive consumer routers available that include wifi functionality, but far fewer freestanding wifi access points (APs). I surmise that this is because every broadband-connected home needs a router and wants a wifi AP, so a converged device is the most affordable approach to this marketplace. Yet in many ways it’s less than ideal.
Because your router and wifi access point are in one device, that device is a major potential single point of failure. If it dies, your entire network goes down. While merely inconvenient for the kids coming home after school to play World Of Warcraft, it’s a whole different kind of failure if you’re a full-time home office worker who relies on internet access to be effective in your job.
This is part 2 in the continuing saga of my fight with replacing a dead Netgear WNR-2000 that had served as my wifi AP. Please recall that I just RMA’d the Cisco WAP4410N that was to be its replacement.
Firstly, I think that I was a very early adopter of both residential broadband and wifi. Linksys was the obvious leader in devices for this market. I bought a Linksys WAP-11 when they were brand new and fairly pricey. I wired it into my trusty Linksys BEFSR-41 4-port wired router. That device was fed by a Time-Warner Road Runner cable modem back in 1998.
One of the things that Santa brought over the holidays was a new Wifi access point. Back in November our Netgear router/AP just up and died. In fact, that was the third time in 18 months that the Netgear device had failed. It was twice replaced under warranty. On the occasion of this third failure it, and others of its kind, were not welcome to return... at any price.
I’m not a typical user. I’m an early adopter. I don’t mind putting in some effort to make something work up to its promised potential. I also like open source, but I just don’t see the value in running 3rd party software on a hobbled router platform. It’s just not a good use of my time.