Equipment (Modems,Gateways)
Modems, Gateways, and Networking Devices
Male IT Specialist Holds Laptop and Discusses Work with Female Server Technician. They're Standing in Data Center, Rack Server Cabinet is Open.
Highlighted
New Member

CG3000DCR - Fixing SSL vulnerabilities

Hello:

 

We routinely scan all of our external points of presence for network vulnerabilities and wonder how Comcast handles remediating vulnerabilities that have been identified?  What is the reporting mechanism for customers to get this information to Comcast for remediation?  

 

We are running a CG3000DCR, with firmware V1.33.03.  The curent vulnerabilties that have been identified by our scanner are:

 

  • CVE-2014-0224
  • SSL Connection: Weak Ciphers Enabled
  • SSL Connection: SSL Version 2 Enabled
  • SSL Certificate: Chain Contains Weak RSA Keys

Please advise as to how we can get these items remediated.

 

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
New Member

Re: CG3000DCR - Fixing SSL vulnerabilities

Thanks, Comcast_John.  We'll give the firmware upgrade a try.  I've read about some issues with 1.34.04 in this forum:  Is this a stable build?

View solution in original post

0 Kudos
3 REPLIES 3
Highlighted
Trusted Forum Contributor

Re: CG3000DCR - Fixing SSL vulnerabilities

I do not have a specific answer as to how each of those issues could be fixed, but i will say that your device's firmware 1.33.03 is close to a year old; the current version is 1.34.04, i believe.

 

Perhaps Comcast_Jon/Comcast_John could provide more insight as to whether these issues are addressed in later firmware revisions.

0 Kudos
Highlighted
Community Manager
Community Manager

Re: CG3000DCR - Fixing SSL vulnerabilities

HI AFCU.  Any issues or problems with your service can be handled by the Business SErvice Center @ 1-800-391-3000.

I contacted the Equipment Engineering Team for assistance on this issue.  They recommend updating the Firmware to  version 1.34.04 and retest.  To get the latest  version you can power down the Netgear for at least 2 minutes, the latest version will download your device.  If the device still shows your old version please let me know. 

Thank You

0 Kudos
Highlighted
New Member

Re: CG3000DCR - Fixing SSL vulnerabilities

Thanks, Comcast_John.  We'll give the firmware upgrade a try.  I've read about some issues with 1.34.04 in this forum:  Is this a stable build?

View solution in original post

0 Kudos