When, as instructed by Netgear support, you go to 10.0.0.1/debug.htm to capture a debug log, the log that is created includes the user's WiFi passwords in the clear. You are told to send this log to Netgear support using normal (unsecured) email. This exposes your passwords to any interloper.
The debug capture logs should not include user passwords. They are not needed for debugging. It is standard industry practice to omit passwords and other such sensitive information from debug logs.
As a user, you can always edit the logs to remove the passwords before uploading them. But most users will not think of doing that. Even worse, there is no warning that your passwords have been exposed. So you won't even know that you should change them after sending a debug log.
Yes, exposure is limited because someone would have to be in physical proximity of your WiFi network to take advantage of this. But that is no excuse for exposing the passwords.
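The manual scrub mentioned above can be scripted; the following is an added example, not part of the original post and not NETGEAR code. It takes the passphrases you already know, removes them from the captured log bytes in plain, hex, base64 and URL-encoded form, and confirms that none remain. The key names in the sample log are constructed, since the real debug log format is not shown on this page.

```python
import base64
import binascii
from urllib.parse import quote

PLACEHOLDER = b"[REDACTED]"

def variants(secret: str) -> set[bytes]:
    """Byte forms in which a known passphrase might appear in a log."""
    raw = secret.encode("utf-8")
    hexed = binascii.hexlify(raw)
    return {raw, hexed, hexed.upper(), base64.b64encode(raw),
            quote(secret, safe="").encode("ascii")}

def redact(data: bytes, secrets: list[str]) -> tuple[bytes, int]:
    """Replace every known form of each secret; return (clean data, hit count)."""
    # Skip empty strings: replacing b"" would insert the placeholder everywhere.
    forms = {v for s in secrets if s for v in variants(s)}
    hits = 0
    # Longest form first, so a long encoded form is replaced whole.
    for form in sorted(forms, key=len, reverse=True):
        hits += data.count(form)
        data = data.replace(form, PLACEHOLDER)
    return data, hits

def leaks(data: bytes, secrets: list[str]) -> bool:
    """True if any known form of any secret is still present."""
    return any(v in data for s in secrets if s for v in variants(s))

# Constructed sample: key names and values are illustrative only.
SECRETS = ["correct horse 42!", "guest-pass-7"]
SAMPLE_LOG = b"\n".join([
    b"wl0_ssid=HomeNet",
    b"wl0_wpa_psk=correct horse 42!",
    b"wl1_wpa_psk=guest-pass-7",
    b"wl1_key_hex=" + binascii.hexlify(b"guest-pass-7"),
    b"uptime=86400",
])

if __name__ == "__main__":
    clean, hits = redact(SAMPLE_LOG, SECRETS)
    print(clean.decode())
    print(f"{hits} occurrence(s) redacted; still leaking: {leaks(clean, SECRETS)}")
```

This only finds the passphrases you supply in the encodings listed, so a log that stores them compressed or in another encoding would still need manual review before it is emailed.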