NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
R8000P vulnerabilities http_basic_auth, weak_password
AT&T give me the message below; is AT&T correct? If so, can the R8000P be fixed? Device R8000P Description There were 2 vulnerabilities found on your R8000P. The vulnerabilities are htt...
Great questions and the answers are the usual in part and atypical in part. Firmware is latest as of this post, and if Netgear releases revised new firmware then I will probably allow it to be installed. ATT-T's scanning software is ATT default (i.e., included not extra each month) ActiveArmor software. Netgear hardware is configured as access point (i.e., dhcp server disabled). I am curious about what exactly AT&T is identifying.
unlisted wrote:
Firmware is latest as of this post, and if Netgear releases revised new firmware then I will probably allow it to be installed.
There is a clue in there as to why claims of "latest" are not much help.
If you rely on "allow it to be installed" there is a risk that it is not the latest. Only the version number tells us what is really going on at your end.
Apps and the GUI interface are famously good it missing updates. People making those claims can be years out of date.
ATT-T's scanning software is ATT default (i.e., included not extra each month) ActiveArmor software. Netgear hardware is configured as access point (i.e., dhcp server disabled). I am curious about what exactly AT&T is identifying.
There's a lot going on in there, apart from knowing nothing about what you mean by "ATT default". All of it open to misunderstanding.
For example, access point is not the same thing as "dhcp server disabled", in the same way that people turn up here thinking that turning off the wireless disables a router.
The people who respond to problems that arrive here have seen hundreds of messages. They are familiar with the common issues that can gum up a network. Their questions are based on dealing with those problems. If they don't get clear answers they may more on to the next fresh message.
As to your question, ask AT&T. It should know all about the false positives that it can create.
- It does make for an interesting challenge for the gurus, doesn't it? The post contains all the information that AT&T provides.
What password is ATT referring too? The routers default password or the one you input during the setup of the router?
If you haven't changed the default admin log in password to something else or used a more complex admin PW, then that would need to be effected by you. The default admin log in password out of the box, can't be changed as that is a initial setup password only, hard coded by NG. Users are required to change it during the setup routine to something different.
Again, probably false positive or false negative, however you need to look at it.
- AT&T did not specify which password alarmed it. Hopefully ATT lacks the ability to read any password (default or complex) in the first place!
