JohnWDarby
Jun 28, 2016, Initiate
Web GUI Password Recovery and Exposure Security Vulnerability
I would like to point out to Netgear that their password recovery options are woefully insecure. I followed their advice to turn on Password Recovery but immediately aborted. Every single question ca...
- Jun 29, 2016
Hi All,
Here is the KB article for the said vulnerability. You can check for the specific model number that is affected.
hawki
Jun 29, 2016, Apprentice
THIS IS A SCAM--IGNORE IT
I was on the phone with Tech Support to confirm the vulnerability and was informed the current email circulating about the vulnerability did not come from Netgear and is a scam!!! I must have asked him 10 times to be certain.
Does Netgear's left hand know what the right hand is doing????
The email account from which it came has been closed.
- JohnWDarby, Jun 29, 2016, Initiate
That sounds believable, but the original warning is posted by the Community Manager (ChristineT) on this very site: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability/m-p/1104237#M34308 So if Support is telling you it is a scam they better check employee badges because they've been infiltrated.
- hawki, Jun 29, 2016, Apprentice
Well the "Official" Poster may have received the email and is not invulnerable to a scam. Would be nice to get a definitive answer.
As you can see I have never posted here previously but registered today after speaking to Tech Support. Was shocked to see the "badges"'s: OP.
I am still genuinely concerned about this issue.
Support may be misinformed but I doubt they have been infiltrated.
Does the CM monitor all threads?
- hawki, Jun 29, 2016, Apprentice
Just saw the email contents in The Security Advisory Section.
Nice of them to send me an email two months after the fact.
Looks like someone at Tech Support doesn't know what he's talking about.
I have no checkbox to enable PW recovery -- any suggestions?
To me it sounds so counter-intuitive to plug a security vulnerability by enabling PW recovery.
- michaelkenward, Jun 29, 2016, Guru - Experienced User
hawki wrote: THIS IS A SCAM--IGNORE IT
I was beginning to feel deprived. I haven't seen this email.
My first thought whenever I see one of these messages is scam.
If I want to do anything, I go to find the official source. I certainly don't start slagging off whoever is supposed to be the source of the email.
After all, would you ever follow the advice in emails from your bank?
- hawki, Jun 29, 2016, Apprentice
I considered Netgear's Telephone Tech Support to be a reliable source. They told me to ignore the email because it was a scam. That was my mistake.
The Community Manager has confirmed that the email is valid.
I have no checkbox in my GUI to enable "Enable PW Recovery."
I received the email TWO MONTHS after the vulnerability was discovered.
- pookie525, Jun 29, 2016, Aspirant
The information is posted on Netgear's website here: https://kb.netgear.com/app/answers/detail/a_id/30632 I am always wary of such things as well and always check the website first. But, since it is posted on their website and not just in the community... However, I had to do a lot of digging to find it. It's not like it was on the main page. I had to look under my specific router and look under security to find it. Of course it is nowhere to be found on Facebook or Twitter or seems to me, it should be smack dab on the front page of their website!