This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Suspicious email - NETGEARSecurity@e.netgear.com - Web GUI Password Recovery and Exposure Security
WNDR3800
From an email from “NetGear” – is the email address, any of the click-able links in it, or the email itself legit?
Sender: NETGEARSecurity@e.netgear.com
Web GUI Password Recovery and Exposure Security Vulnerability
The Vulnerability:
NETGEAR has become aware of a security issue that can expose web GUI login passwords while the password recovery feature on your NETGEAR device is disabled. This vulnerability occurs when an attacker can access your internal network or when remote management is enabled on your NETGEAR device. Our records indicate that your NETGEAR product is affected. View the products affected
What You Can Do:
NETGEAR strongly recommends that you follow these two steps to remediate the vulnerability:
Manually enable the password recovery feature on your device. For more information visit: h t t p: //kb .netgear .com/app/answers/detail/a_id/20027/~/configuring-router-administrative-password-recovery
Ensure that remote management is disabled .Remote management is disabled by default. For more information, check the user manual for your product, which is available from h t t p: //www .netgear .com/support/
The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware fix becomes available.
Please check in periodically to view more information as this becomes available on our NETGEAR Security Advisory site.
What We Are Doing:
As a leading provider of networking products NETGEAR wishes to make it easy for our customers to stay informed of security updates regarding NETGEAR products. At NETGEAR, we strive to earn and maintain the trust of our customers by delivering products that are innovative, secure and preserve the privacy of our customer's data. The NETGEAR team is constantly monitoring for security vulnerabilities and will work to inform our customer base of fixes and identified security concerns with the intent of upholding the promise of keeping your data secure.
We appreciate you being a part of our efforts in creating a more secure world.
Re: Suspicious email - NETGEARSecurity@e.netgear.com - Web GUI Password Recovery and Exposure Securi
Again, I never registered my router, NetGear should have never had my email address, so whether or not my router was covered under this or not is moot, I should have never recieved an email fro NetGear.
And the most important question - "Is "Sender: NETGEARSecurity@e.netgear.com" a legitamate email address for NetGear?" - is this a valid email address from NetGear to its consumers has not been answered?
