NETGEAR is aware of a security issue that can allow a client to insecurely renegotiate a remote connection encrypted with TLS or SSL after the initial handshake, allowing denial of service (DoS) using SSL renegotiation.
This vulnerability affects the following NETGEAR firewalls:
- SRX5308
- FVS336Gv3
- FVS318N
- FVS318Gv2
To prevent this issue, NETGEAR strongly recommends that you download the latest firmware version for your affected NETGEAR device.
Click the link for your model below to view release notes and download the latest firmware version, 4.3.4-2, which fixes the SSL renegotiation DoS vulnerability:
Note: If the recommended steps are not completed as described, the potential for DoS attacks through insecure renegotiation of encrypted remote connections remains. NETGEAR is not responsible for any consequences that could have been avoided by downloading the latest firmware as recommended.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit https://www.netgear.com/about/security/.
The security@netgear.com email address is no longer accepting messages and is no longer actively monitored.
Last Updated:04/27/2023
|
Article ID: 31426