The Vulnerability: NETGEAR has become aware of a security issue that can expose web GUI login passwords while the password recovery feature on your NETGEAR device is disabled. This vulnerability occurs when an attacker can access your internal network or when remote management is enabled on your NETGEAR device. Our records indicate that your NETGEAR product is affected. View the products affected
What You Can Do: NETGEAR strongly recommends that you follow these two steps to remediate the vulnerability:
2. Ensure that remote management is disabled.Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/ The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware fix becomes available.
What We Are Doing: As a leading provider of networking products NETGEAR wishes to make it easy for our customers to stay informed of security updates regarding NETGEAR products. At NETGEAR, we strive to earn and maintain the trust of our customers by delivering products that are innovative, secure and preserve the privacy of our customer's data. The NETGEAR team is constantly monitoring for security vulnerabilities and will work to inform our customer base of fixes and identified security concerns with the intent of upholding the promise of keeping your data secure.
We appreciate you being a part of our efforts in creating a more secure world.