NETGEAR Support

NETGEAR Product Vulnerability Advisory: ReadySHARE

Was this article helpful?   Yes     No

This security advisory addresses the following CVE vulnerability: CVE-2015-3036.

NETGEAR is aware of a security vulnerability in the implementation of the ReadySHARE Print function. An attacker who is physically or wirelessly connected to your router’s local area network (LAN) can exploit this vulnerability to cause memory overflow on the router, which leads to the router crashing.

Only the ReadySHARE USB communication link is vulnerable to this attack. Attackers cannot use this vulnerability to gain access to your data or monitor your Internet activity. This memory overflow vulnerability also cannot be exploited by users connected to your router’s guest network—they must be connected to your LAN, which is protected by your password.

This memory overflow vulnerability affects the following products:

  • AC1450
  • D6300
  • D6300B
  • DEVG2020    
  • DGND4000    
  • EX6200          
  • EX7000          
  • JNR3210        
  • JR6150
  • LG2200D-1USNAS   
  • MVBR1210C-1BMCNS        
  • R6050
  • R6200
  • R6200v2
  • R6250
  • R6300v1        
  • R6300v2
  • R6700
  • R6900
  • R7000
  • R7500
  • R7900
  • R8000
  • WN3500RP
  • WNDR4300
  • WNDR4500v1
  • WNDR4500v2
  • WNDR4700
  • XAU2511

Firmware fixes are available for the following affected products:

  • AC1450
  • D6300
  • D6300B
  • EX6200          
  • EX7000          
  • JR6150
  • R6050
  • R6200
  • R6200v2
  • R6250
  • R6300v1
  • R6300v2
  • R6700
  • R6900
  • R7000
  • R7500
  • R7900
  • R8000
  • WNDR4500v2

NETGEAR strongly recommends that you update to the latest firmware as soon as a firmware fix is available for your product.

To download the latest firmware for your NETGEAR product:

  1. Visit the NETGEAR Download Center.
  2. Under Search for, select the check box next to Firmware/Software.
  3. Enter your model number in the search box and click the magnifying glass.
  4. Select your model from the drop-down menu.
    If you do not see a drop-down menu, make sure that you entered your model number correctly, or use the product drilldown to find your model.
  5. Click Release Notes under the most recent firmware version, which is the one closest to the top of the list.

Make sure that you are viewing release notes for a firmware version and not a software utility or an app such as the NETGEAR genie app. The title of the release notes page always begins with the words “Firmware Version.”

  1. Follow the instructions in the release notes to download and install the new firmware.

NETGEAR has no plans to fix the following affected products:

  • DEVG2020    
  • DGND4000    
  • JNR3210        
  • LG2200D-1USNAS   
  • MVBR1210C-1BMCNS        
  • WNDR4300   
  • WNDR4500v1           
  • WNDR4700   
  • XAU2511       

If your affected router does not have a firmware fix available and you regularly share your WiFi password, consider setting up a guest network on your router and restricting access to your LAN. For more information about setting up a guest network on your router, see your router’s documentation.

NETGEAR recommends that all users block unauthorized access to their home network. By default, NETGEAR routers are preconfigured with a random SSID (network name) and password. For your security, NETGEAR recommends that you change the preconfigured SSID and password, as well as the administrator password to the router setup page. Select strong passwords, change your passwords regularly, and never reuse a password.

You can also block unauthorized devices from the NETGEAR genie app or desktop application by tapping or right-clicking on the unauthorized device in the Network Map. For more information about the NETGEAR genie app, see www.netgear.com/home/discover/apps/genie.aspx.

The potential for attackers on your local network to crash your router remains if you do not follow the recommendations in this notification. NETGEAR is not responsible for any consequences that could have been avoided by updating your firmware or following security best practices as recommended in this notification.

We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

To report a security vulnerability, visit https://bugcrowd.com/netgear

If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com

For all other issues, visit http://www.netgear.com/about/security/.

The security@netgear.com email address is no longer accepting messages and is no longer actively monitored. 

Last Updated:10/07/2019 | Article ID: 28393

Was this article helpful?

Yes No

This article applies to:

 How to Find Your Model Number

Read this article in another language:

Looking for more about your product?

Get information, documentation, videos and more for your specific product.

Can’t find what you’re looking for?

Quick and easy solutions are available for you in the NETGEAR community.

Ask the Community

Need to Contact NETGEAR Support?

With NETGEAR’s round-the-clock premium support, help is just a phone call away.

See Support Options

Complimentary Support

NETGEAR provides complimentary technical support for NETGEAR products for 90 days from the original date of purchase.

Contact Support

NETGEAR Premium Support

GearHead Support for Home Users

GearHead Support is a technical support service for NETGEAR devices and all other connected devices in your home. Advanced remote support tools are used to fix issues on any of your devices. The service includes support for the following:

  • Desktop and Notebook PCs, Wired and Wireless Routers, Modems, Printers, Scanners, Fax Machines, USB devices and Sound Cards
  • Windows Operating Systems (2000, XP or Vista), MS Word, Excel, PowerPoint, Outlook and Adobe Acrobat
  • Anti-virus and Anti-Spyware: McAfee, Norton, AVG, eTrust and BitDefender
Learn More
ProSUPPORT Services for Business Users

NETGEAR ProSUPPORT services are available to supplement your technical support and warranty entitlements. NETGEAR offers a variety of ProSUPPORT services that allow you to access NETGEAR's expertise in a way that best meets your needs:

  • Product Installation
  • Professional Wireless Site Survey
  • Defective Drive Retention (DDR) Service
Learn More

Where to Find Your Model Number

To find the model/version number, check the bottom or back panel of your NETGEAR device.

Select a product or category below for specific instructions.

N Routers

Nighthawk Routers

Powerline and Wall Plug Extenders

Cable and DSL Modem Routers

ReadyNAS Network Storage

Switches

Wireless Access Points

Other Business Products

Mobile Broadband