Today I was working on a Netgear Nighthawk wireless router. I pulled a backup of the router before upgrading the firmware. I found that while the admin password was encrypted, the security question answers were listed in plain text. Just wanted to put that out there since this seems like an oversight on Netgears part.
but you'd also have to be logged in and already know the password to pull the backup. (still not a good thing)
And something reported here several times over the years.
But it does fall into one of those "paranoia runs deep" issues.
It sits alongside the long running demand that the login use https rather than http, which misses the fact that login is a local network thing. So not something that Chinese intelligence is likely to try.
In the end, Netgear did implement the https option. This then broke things for many people by blocking access to various features.
