NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R7000 & R6400 Vulnerability Note VU#582384
[When I created this post, I wasn't aware of the 2 discussions already on this topic: Two leading Netgear routers are vulnerable to a severe security flaw R7000 Vulnerability Note VU#582384] ...
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information and update see the thread below.
Hi
Just update firmware of my R7000 Router to beta 1.0.7.6 and would like to know if others also experience the following behaviour (used MS Edge for testing):
1. Go to router start page (in my case 192.168.1.1) and click cancel, meaning do not enter username and password
2. Enter the poc url http://192.168.1.1/cgi-bin/;telnetd$IFS-p$IFS'45' into the address bar and click cancel when it asks for username and password. 404 not found message appears
3. Entering again router start page 192.168.1.1 doesn't ask for username and password know and I am automatically logged in to the management console?!
Is this working as desgined or still a bug in the beta firmware?
I do recall a similar experience with Chrome browser right after I updated to the beta firmware. As ElaineM said, it probably was a cached page. That was my immediate guess when I saw my router showed me the administration page without loggin in, and I re-started my brower and then was asked to log into the router.