NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Web GUI Password Recovery and Exposure Security Vulnerability
I would like to point out to Netgear that their password recovery options are woefully insecure. I followed their advice to turn on Password Recovery but immediately aborted, Every single question ca...
Hi All,
Here is the KB article for the said vulnerability. You can check for the specific model number that is affected.
That sounds believable but the original warning is posted by the Community Manager (ChristineT) on this very site: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability/m-p/1104237#M34308 So if Support is telling you it is scam they better check employee badges because they've been infiltrated.
Well the "Official" Poster may have received the email and is not invulnerable to a scam. Would be nice to get a definitive answer.
As you can see I have never posted here previously but registered today after speaking to Tech Support. Was shocked to see the "badges"'s: OP.
I am still genuinely concerned about this issue.
Support may be misinformed but I doubt they have been infiltrated.
Does The CM Monitor all threads?
Just saw the email contents in The Security Advisory Section.
Nice of them to send me an email two months after the fact.
Looks like someone at Tech Support doesn't know what he's talking about.
I have no checkbox to enable PW recovery -- any suggestions.
To me it sounds so counter-intuitive to plug a security vulnerablity by enabling PW recovery.
Hi All,
Here is the KB article for the said vulnerability. You can check for the specific model number that is affected.
Hello :-)
Thanks for the response.
Why did the telephone Tech Support Techie tell me the email was a scam and to ignore it?
Why did I not receive the alert email until two months after the vulnerability was discovered? Does anyone in Netgear Security have a dictionary with the words "Responsible" and "Responsibility" in it?
I can not perform the required fix as my GUI change PW page has no checkbox to enable password recovery.
Why am I going yo have to toss my $260 Netgear swiss chease "secure" box, cuz It appears to be unfixable since I have no checkbox to "enable PW Recovery"
Why do I have to pay $50 to extend my CS to get help to eliminate a vulnerability that was caused by a Netgear Design Flaw.
In Netgear's busness it can have The Best Products BUT without acting responsibly to critical security issues and without competent customer support it has nothing.
Send my contgratulations to the execs at Netgear for having nothing. I have posted this shocking experience on The World's most highly regarded security forum, on which I have been an active participant for a decade. It has a huge international following. After coming to this forum I cautioned that it might be incorrect as to the actual existence of the vulnerability but is correct about Netgear's apparently ignorant Customer Support, lack of responsibilty, and wothless 90 day customer help policy. Congratulate the execs. on their upcoming well-deserved %15 decline in consumer products revenues.