Announcements

Top Contributors
Reply
Highlighted
Guide

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Ok, I have tried through my web browser to follow your instructions but following this instruction: Click Advanced > Remote Management.  There is no Remote management  option anywhere on any "Advanced" page.  I am running 

Firmware Version  V1.0.3.18_10.0.42  and when I ask for a firmware update I am told my firmware is up to date.  

 

I really hate and distrust the Nighthawk mobile app as it crashed almost immediately and crashing my router is NOT an option.

 

1.  Do I really need to do a patch?

 

2. How do I do it manually through router net?  

 

If you are going to put out critical patches they should be available via the update within the local command instead of running through another level of security risk.

 

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 26 of 182
Highlighted
Aspirant

Re: Important Security Advisory Notification: Information on affected NETGEAR products

I agree with the previious comment.  The email I received did NOT CORRECTLY state where to check for Remote Management setting.  I would never have found it unless the previous person said to look under Web Services Management.    Netgear should remember that not all of us have the IT skill set you do.


@mynameisrobo wrote:

That's some pretty crappy documentation, at least for my router it does not apply. Come on Netgear - you can do better.

 

To get to the Remote Managment feature on my Nighthawk R7000, I had to go to the Advanced Tab. Under the Advanced Setup drop down menu on the left-hand side, I picked Web Services Management.


 

Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 27 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

I am beyond frustrated. Here’s what is happening. I have tried to connect to see if the remote is off - from both my iPhone and my laptop. I am now getting a page that says I may not be connected to my router BUT I AM!! I clear the cache, as suggested, but get the same result. NOTE: I Got through once via my iPhone, but when i clicked “advanced” it did not lead me to anything saying “remote management”. Please tell me what to do.
Message 28 of 182
Highlighted
Initiate

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Thank you. I followed the link and read it. Had to look up LAN. Am I correct in understanding that the router link the Security Advisory gave connects me to my own router and that others not connected to the router cannot see the information that pops up? So therefore, I don't need to worry about those encryption messages?

Model: R6700|Nighthawk AC1750 Smart WiFi Router
Message 29 of 182
Highlighted
Aspirant

Re: Important Security Advisory Notification: Information on affected NETGEAR products

I can not find "remote management" under the Advance tab when logged in as adviced in the security alert received today. Where will I find it?

Model: R7000|AC1900 Smart WIFI Router
Message 30 of 182
Highlighted
Apprentice

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@ed6165

 

You're not the only one who couldn't find it. This thread is infuriating from the point of view that the information provided was just not comprehensive enough.

 

Go to Advanced Setup tab, and go into Web Services Management and you'll find it there. It should be disabled by default anyway.

Message 31 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Is anybody from Netgear monitoring this thread? When I click the link (routerlogin.net) I am now being sent to a page that says “ You may not be connected to your Router’s WiFi network....”. BUT I AM connected to my Rotuers WiFi. The one time I was able to connect (which was a random occurrence) I could not find Remote Managment. Help please.
Message 32 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Hello,
I came here to confirm the email was legit.
Should remote management be set to off on the NightHawk app as well as the router web page? Thanks.
PlayaGal
Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 33 of 182
Highlighted
Aspirant

Re: Important Security Advisory Notification: Information on affected NETGEAR products

WOW...that was so simple and quick. Thank you for the fast answer.

 

 

Model: R7000|AC1900 Smart WIFI Router
Message 34 of 182
Highlighted
Guide

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Sounds as if others besides me are having issues with the Nighthawk app.

 

If you have a desktop or laptop, open your web browser (Chrome and Firefox confirmed to work) and enter http://192.168.1.1/

 

That should pop up your Web GUI.  Enter your user name ( has to be "admin"  sorta lax security here) and your password.  If you have not set a password it will be "password" .....that needs to be changed NOW!

 

I have had real issues getting into my Web GUI using "routerlogin.net" .  The above method still seems to work. 

 

And thanks to all that supplied the correct path to the Remote Mangement location.

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 35 of 182
Highlighted
Apprentice

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@PlayaGal  Not sure where this 'email' that keeps getting mentioned, has come from?

I've not received any email and my router is registered with Netgear and they have my email address. As far as I know, this has only come to the fore because @ChristineT  has started this thread to inform us all.

 

As remote management is apparently defaulted to OFF then it should by all accounts remain OFF or disabled. Mine was indeed OFF when I eventually found where it was in the GUI.

 

The Nighthawk App however, apparently remote management should be ON, for which no reason or justification has been forthcoming. I mean to be honest, I could just delete the Nighthawk App off my phone and then it wouldn't make any difference anyway. Interestingly, the Nighthawk App has just been updated on ios today. No coincidence there I assume.

Message 36 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@Slazare Do you have a PC that is hardwired to the router if so that would be the best way to access the router's settings if not you may want to enter 192.168.1.1 in your web browser rather than www.routerlogin.net see if that brings up the login to the router.

 

DarrenM

Message 37 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Thank you for responding. I am unable to hardwire to the router. When I put in the IP address - on my notebook or on my iPhone - I get a message saying it cannot open to that page. I am DEFINITELY connected to the WiFi. My devices are otherwise showing full connectivity. This morning I was able to login (but then had different problems - couldn’t find Remote Managment). This is a bit aggravating.
Message 38 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

I have taken screen shots from my R8500 on where to go to make sure remote management is unchecked hope this helps. Some routers may have slightly different menus.

  1. On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter. Or you may need to use 192.168.1.1 in the address bar
  2. Enter your admin user name and password and click OK. If you never changed your user name and password after setting up your router, the user name is admin and the password is password.

 

Remote1.png

 

 

 

 

  1. Click Advanced

Remote 2.png

 

  1. Next Click Advanced Setup

Remote3.png

  1. Then Remote Management

remote4.png

  1. Last thing is to make sure the Turn Remote management On Box is unchecked

Remote5.png

Message 39 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@Slazare The Ip address of your router might have changed is it connected to a modem from your ISP that has a router built into it? Also, remote management is off by default if you have never gone in and enabled it at any time then it should be unchecked.

 

DarrenM

Message 40 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Darren M - Still can’t get into my admin page, even though I am connected to the WiFi. My nighthawk app also thinks I am not connected to the WiFi. Typing in IP address is not working. How can I speak to someone?
Message 41 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

How do I figure out the answer to the first question? The strange thing is I was able to access my admin page this morning by clicking the login link. Now nothing is working.
Message 42 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@Slazare You would need to contact our support by following this link.

 

https://www.netgear.com/support/contact.aspx

 

DarrenM

Message 43 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

does that give me a person to speak to in real time? What other suggestions do you have? Like I said, I was able to access it this morning, but cannot now. I am fully connected to the router, but Netgear keeps saying i am not.
Message 44 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Thank you to all who replied to my question. I haven’t been on here in a while and can’t seem to respond directly. I do have another question. On the email I received it also listed our previous router WNR834Bv2.
We are not currently using it except when a second or intranet connection is needed for band stuff. Do I need to start that up and check it also?
Thanks again for your kind assistance all!
PG
Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 45 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

@PlayaGal Only when you go to use it again you would need to check to make sure remote management is disabled.

 

DarrenM

Message 46 of 182
Highlighted
Aspirant

Re: Important Security Advisory Notification: Information on affected NETGEAR products

If you registered your router with NetGear, You should receive a detailed E-mail as to how to check and correct if necessary.  This is a copy of my E-mail...

 

We have become aware of vulnerabilities involving certain NETGEAR products and have issued a security advisory.

We have released hotfixes addressing some of the vulnerabilities for certain impacted models and continue to work on hotfixes for the remaining vulnerabilities and models, which we will release on a rolling basis as they become available. We strongly recommend that you download the latest firmware containing the hotfixes as instructed in the security advisory. We plan to release firmware updates that fix all vulnerabilities for all affected products that are within the security support period.Until a hotfix or firmware fix is available for your product, we strongly recommend turning off Remote Management in your product Web GUI (not to be confused with Remote Management in the Nighthawk app).Turning off Remote Management in your product Web GUI significantly reduces your risk of exposure to these vulnerabilities.

Please keep in mind that Remote Management in your product Web GUI is turned off by default, so if you never enabled Remote Management in your product Web GUI, you do not need to take any action to disable Remote Management in your product Web GUI.
Please note that the Remote Management feature in your product Web GUI is different from the Remote Management feature in the Nighthawk app. You should NOT turn off Remote Management in the Nighthawk app.If you have Remote Management in your product Web GUI turned on, please turn it off immediately.How to turn off Remote Management:

  1. On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter.
  2. Enter your admin user name and password and click OK. If you never changed your user name and password after setting up your router, the user name is admin and the password is password.
  3. Click Advanced > Remote Management.
  4. If the check box for Turn Remote Management On is selected, clear it.
  5. If Remote Management was turned on, click Apply to save your changes.
    Otherwise, click Cancel.

Best Practices
As a reminder NETGEAR recommends following best practices to secure your home network by using a strong & unique WiFi password, and not sharing your WiFi password. Use the Nighthawk App to monitor devices connected to your WiFi network, and block unknown devices; check that your product has the latest firmware and update it with a single click.Stay Informed
This community article will be updated as new information becomes available.

Message 47 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

Darren M. I am now able to get in. Did a hard reset. But my “Advanced” page says nothing about Remote Management, and “Web Services Management” is not clickable.
Message 48 of 182
Highlighted
NETGEAR Moderator

Re: Important Security Advisory Notification: Information on affected NETGEAR products

That may mean your Netgear router is in AP mode and you have a router that's in your modem so if that option is not clickable then it is disabled and you are good to go.

 

DarrenM

Message 49 of 182
Highlighted
Tutor

Re: Important Security Advisory Notification: Information on affected NETGEAR products

So, I am not great on the techno lingo Smiley Happy. The take away, to my understanding, is that if “web services Managment” is unclickable, I am good to go insofar as the issue at hand is concerned. Thank you for your help!
Message 50 of 182