NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

rglindmeier's avatar
rglindmeier
Aspirant
Jun 22, 2016
Solved

Enable Password Recovery

I received the email regarding the security issue for my c6300BD.  The first recommended step is to set up password recovery.  However, when i open the Set Password page under the advanced tab in Net...
Advanced Features
Security
  • DarrenM's avatar
    DarrenM
    Jul 01, 2016

    Hello rglindmeier

     

    I have check with our support team and this was a the response I have got so it looks like you are ok.

     

    If the C6300 has letters after such as C6300BD, its an ISP locked device which we have no control over their FW. If you dont have the password recovery option in GUI then you are not affected. Vulnerability is only if you have the password recovery option which is available on latest C6300 (Retail) FW.

     

    DarrenM

rglindmeier's avatar
rglindmeier
Aspirant
Jun 28, 2016

Darren,

 

I wasn't trying to implement password recovery in case I forgot my password, although I understand that's what it's intended purpose is.  As stated in my original post, the reason I was trying to implement passwoard recovery is because of an email I received from Netgear regarding the security vulnerablility which affects my model as well as many others.  In the article referenced in the email, the first step in dealing with the security problem is to implement password recovery.  Why, I don't know, but that's what it said.  So, in the context of the security issue that I was emailed about, and knowing that my model is affected by the problem but apparently is not able to implement the recommended fix (password recovery), just what is it that Netgear recommends I do?

 

Russ

DarrenM's avatar
DarrenM
Sr. NETGEAR Moderator
Jul 01, 2016

Hello rglindmeier

 

I have check with our support team and this was a the response I have got so it looks like you are ok.

 

If the C6300 has letters after such as C6300BD, its an ISP locked device which we have no control over their FW. If you dont have the password recovery option in GUI then you are not affected. Vulnerability is only if you have the password recovery option which is available on latest C6300 (Retail) FW.

 

DarrenM

  • rglindmeier's avatar
    rglindmeier
    Aspirant
    Jul 01, 2016

    Thanks, Darren.  Good to know I'm not affected.  Not sure why I got the email in the first place, but at least now I can get this off my desk and move on.  Thanks again for the assistance.

     

    Russ

  • tlluke's avatar
    tlluke
    Aspirant
    Jul 23, 2016

    I have a retail C6300 which I purchased at Best Buy, and I do not have the Password Recovery check box.  How do I mitigate the vulnerability which Netgear informed me of?  And when will the permanent firmware fix be available?

  • DarrenM's avatar
    DarrenM
    Sr. NETGEAR Moderator
    Jul 25, 2016

    Hello tlluke

     

    What is the firmware version that your C6300 is running?

     

    DarrenM

  • tlluke's avatar
    tlluke
    Aspirant
    Jul 25, 2016

    V1.02.21  

     

    Thanks for the help!

  • DarrenM's avatar
    DarrenM
    Sr. NETGEAR Moderator
    Jul 25, 2016

    Hello tlluke 

     

    Your modem is not affected only C6300 using v2.01.14 so you will have to do this if your ISP upgrades the firmware to that version.

     

    DarrenM