NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Web GUI Password Recovery and Exposure Security Vulnerability
I would like to point out to Netgear that their password recovery options are woefully insecure. I followed their advice to turn on Password Recovery but immediately aborted, Every single question ca...
Hi All,
Here is the KB article for the said vulnerability. You can check for the specific model number that is affected.
THIS IS A SCAM--IGNORE IT
I was on the phone with Tech Support to confirm the vulnerability and was informed the current email circulating about the vulnerability did not come from Netgear and is a scam!!! I must have asked him 10 times to be certain.
Does Netgear's left hand know what the right hand is doing????
The email account from which it came has been closed.
hawki wrote:THIS IS A SCAM--IGNORE IT
I was beginning to feel deprived. I haven't seen this email.
My first thought whenever I see one of these message is scam.
If I want to do anything, I go to find the official source. I certainly don't start slagging off whoever is supposed to be the source of the email.
After all, would you ever follow the advice in emails from your bank?
I considered Netgear's Telephone Tech Support to be a reliable source. They told me to ignore the email because it was a scam. That was my mistake.
The Community Manger has confirmed that the email is valid.
I have no checkbox in my GUI to enable "Enable PW Recovery."
I received the email TWO MONTHS after the vulnerability was discovered.
The information is posted on Netgear's website here. https://kb.netgear.com/app/answers/detail/a_id/30632 I am always wary of such things as well and always check the website first. But, since it is posted on their website and not just in the community........However, I had to do a lot of digging to find it. It's not like it was on the main page. I had to look under my specific router and look under security to find it. Of course it is nowhere to be found on Facebook or Twitter or seems to me, it should be smack dab on the front page of their website!
I want to know why Netgear's Telphone Tech Support told me the email was a scam and to ignore it.
I want to know why the email was sent to me TWO MONTHS after the vulnerability was discovered.
I want to know why the "fix" is unworkable on my PC and Netgear GUI.
I want to know why I have to pay $50 to extend my 90 day support to get help to fix a vulnerability that was created by a Netgear Design Flaw.
I want to know why I was so stooopid to pay "top dollar" to buy a Netgear Product given today's experience.