Retired_Member
Jul 04, 2016
R7000 password recall ... remote management
I am a bit upset, having received an e-mail from Netgear, that the security of my router may be compromised via the remote password management process. Getting answers from Netgear is a bit tediou...
TheEther
Jul 04, 2016
Guru
If I'm not mistaken, the vulnerability is not specific to Windows or OSX or even what browser you are using. But the vulnerability appears to require the attack to originate from within your own network, which implies that your computer or device must already be compromised through some other means (e.g. malware on your computer). From your compromised computer, an attacker can then launch an attack on your router to gain control of it unless you follow the two recommendations in the email:
- Enable password recovery under ADVANCED > Administration > Set Password on the R7000.
- Disable Remote Management under ADVANCED > Advanced Setup > Remote Management.
Because of the prerequisite (i.e. a compromised computer), I feel that the risk of this vulnerability is fairly low. If your computer is compromised, then it's already game over. I would definitely recommend keeping Remote Management disabled, but you may be able to get away with leaving password recovery disabled.
This is strictly my personal opinion. Caveat emptor.