NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
R7000 password recall ... remote management
I am a bit upset , having received an e-mail from Netgear , that the security of my router may be compromised via the remote password management process . Getting answers from Netgear is a bit tedious and difficult . It seems to me that Netgear should be more easily available to answer questions and provide more detailed advice . It appears the only way to get answers or guidance is through the Netgear community ... I think I have concluded that I have nothing to be concerned about since my router is primarily used for Mac's ( IMac desktop and a MacBook laptop ) and the Sarfari browser . Safari does not support the "remote password recovery management " process. The NetGearGenie is set up on my Mac ... I do have one PC connected to the Wi-Fi router but that PC has no NetGearGenie installed .... Am I to assume that I should have no concern with the remote password management security risk for either my Mac's or the one PC ???
If that is the case , Netgear could have noted this "Safari" exclusion in their e-mail . Additionally , the firmware version for my router ( which is up to date ) is not the same firmware version noted in conjuction with Netgears security risk e-mail ; however Netgear does not make it clear that the security compromise is firmware specific ... Any answers or comments out there ????
7 Replies
storm1985 wrote:NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management
Actually, I think it's this one (link).
If I'm not mistaken, the vulnerability is not specific to Windows or OSX or even what browser you are using. But the vulnerability appears to require the attack to originate from within your own network, which implies that your computer or device must already be compromised through some other means (e.g. malware on your computer). From your compromised computer, an attacker can then launch on attack on your router to gain control of it unless you follow the two recommendations in the email:
- Enable password recovery under ADVANCED > Administration > Set Password on the R7000.
- Disable Remote Management under ADVANCED > Advanced Setup > Remote Management.
Because of the prerequisite (i.e. a compromised computer), I feel that the risk of this vulnerability is fairly low. If your computer is comprised, then it's already game over. I would definitely recommend keeping Remote Management disabled but you may be able to get away with leaving password recovery disabled.
This is strictly my personal opinion. Caveat emptor.
I am Andies13 ... being new to this forum I did not find a solution or answer to my original post . Trying to read and understand replies to my post I clicked on several items by mistake . I am still unsure as to whether or not I have an issue and/or whether my router has been compromised . It would be nice to get a response directly from Netgear .
