DoctorX
Dec 18, 2016 | Guide
Web GUI Password Recovery Vulnerability?
Back in June a security vulnerability was disclosed: Web GUI Password Recovery and Exposure Security Vulnerability https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Web-GUI-Password-Recove...
- Jan 06, 2017
Hi, DoctorX,
The post has been unfrozen.
AVJohnnie
Feb 01, 2017 | Tutor
JamesGL wrote:
Hi DoctorX,
Web GUI Password Recovery has been addressed already. You may check the article below.
And what about those of us with the dubious honor of owning E.O.L. (aka, officially abandoned) Netgear devices such as the 1st rev. NightHawk R7500 (EOLed 12 months after initial release) --- So what of us? Are we collectively shoe-horned under the KB30632 (C.Y.A.) section jargon: "If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remediate the vulnerability" --- and once again Netgear's customer abandonment leaves us never really knowing if our devices were or were not, vulnerable? Because Netgear prefers not to "talk publicly" about matters they deem to be potentially embarrassing...
It's getting harder and harder to justify continuance at being a Netgear customer...
StephenB
Feb 01, 2017 | Guru - Experienced User
AVJohnnie wrote:
... NightHawk R7500 ...
That's not on the list at all, and isn't in the NIST CVE record either. Are you sure it's affected by this particular vulnerability?
- AVJohnnie | Feb 02, 2017 | Tutor
Precisely my point - it's on neither list, good or bad. Netgear once again chooses to leave owners of their EOLed devices in the limbo of being unknowingly adrift ... and thereby potentially perpetuating the very problems they claim to be guarding the “Wide Net” against.
- StephenB | Feb 02, 2017 | Guru - Experienced User
The only device on the good list is the V6510. It would be reassuring if that list was more extensive. There are two bad lists - one with fixes, one without fixes. There are EOL routers included (the WNDR4000 being one). So Netgear hasn't ignored that category.
The R7500 isn't on the official EOL list btw - which is here: https://www.netgear.com/landing/eol.aspx
- AVJohnnie | Feb 02, 2017 | Tutor
To the contrary, R7500 initial release is EOL - R7500v2 is not (yet) EOL, per Netgear Support website:
https://www.netgear.com/support/product/r7500#download
- Model / Version: R7500
- Select a different version
- End of Life (Service Unavailable)