- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Security email: Disable remote management
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I received an e-mail about Web GUI password recovery vulnerability and two-step instructions to follow. I was successful in step 1. Step 2 requires that you check to ensure that remote management is disabled. I downloaded the user guide for my model and clicked on advanced-advanced setup-remote management as the guide shows. The guide shows a screen with boxes to check. Mine is a blank page. Does this mean that my model does not permit remote management even though the user guide suggests that it does? Or does this suggest that access was gained remotely? Something else?
Advice appreciated.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
It is a legit e-mail.
We also have posted it on here in the community.
Web GUI Password Recovery and Exposure Security Vulnerability
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
I received the same email. Is it genuine?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
Hi,
I found the same security advisory message on the Netgear website . See link
https://www.netgear.com/about/security/?cid=gwmng
Interestingly, the advisory was released on 5/9/2016 and I only received the e-mail yesterday almost 6 weeks later. I think it is real
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
It is a legit e-mail.
We also have posted it on here in the community.
Web GUI Password Recovery and Exposure Security Vulnerability
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
Default Gateway is blank, and I cannot figure out how to connect my PC to the router. I have an ethernet cable, but there's only one place to plug that in, and that's where the internet cable is plugged in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
@capayne What's the model number and version of your NETGEAR device?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
WNDR4500v3N900
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
@capayne There should be 4 LAN ports available for you to connect your computers. Unless all those 4 are being used already.
The yellow/WAN/Internet port should be used by the modem.
Now, in order for you to check and follow the instructions provided from the link, connect your PC directly to one of the 4 ports.
Try to disconnect one cable and connect your PC to it and you should be getting an IP address under Default Gateway.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
None of those ports are being used, and I tried two of them, 1 and 4, and still Default Gateway shows nothing.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
@capayne Can you post a screenshot?
Do you have lights turned on from the front panel of the router where you connect the Ethernet cable?
Are there any other cables for you to try?
Can you try other ports too?
If none of them are lit, try to use a different Ethernet to see if it's a bad cable.
For additional information, see this article.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
OK, will try these things and post if they don't work . . . will have to dig up another ethernet cable . . .
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
And yes, all the appropriate lights are on; I have internet and WiFi service.
There are no other ports to try.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
Kindly provide the screenshot.
What's the IP address of the PC that can connect wirelessly?
What specific lights are lit?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
If the box for remote management is not checked, does that confirm that the router cannot be accessed remotely?
Urgent reply needed as I am leaving town for a week.
Thanks,
Gary Roberts
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
Thanks Elaine and Gary, I was able to complete both tasks.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Disable remote management
I have an R4500. I do not see a plain R4500 listed in the devices affected. Is this procedure something I need to do with my router? If so, I'm not computer savy enough to even begin. What risk is there in not doing this? IF, I even need to do it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
Well you better tell your Tech Support.
I just got the email a few hours ago - Tech support says to ignore it cuz its a scam.
the email address it came from has been closed.
My gui has no option to enable PW recovery is why I called support.
WTF is the true story? And if it's legit what kind of support is Netgear offerring these days ???????????????
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
When I access Advanced features, the check box to ENABLE remote management is NOT CHECKED so I assume it is not turned on. However, I have been using NetGenie to switch channels with my cell phone APP. Does NetGenie NOT USE remote management? If it does, why can I remote manage without it turned on?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
BTW: This afternoon as late as 1:00 PM EST, the page on which the subject security advisory was taken down with an explanation that perhaps it was being modified).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
You state that it is a legitimate email and I have no doubt that you are right but perhaps you can answer me a few questions on that point.
The email address used by you is "NETGEARSecurity@e.netgear.com". Note, "e.netgear.com". not "netgear.com".
The download link provided for to recover the password is "http://kb.netgear.com/app/answers/detail/a_id/30632", note the address, "kb.netgear.com", not "netgear.com".
In an age we are constantly told to be vigilant against scams to maintain security, it appears to me that Netgear is perhaps one communications hardware company that makes it very difficult to determine wether an email is or is not valid, at least from Netgear as they appear to have a number of internet addresses any of which can be used to communicate with their customers and any of which can be used as links to send customers to.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
@Retired_Member wrote:You state that it is a legitimate email and I have no doubt that you are right but perhaps you can answer me a few questions on that point.
The email address used by you is "NETGEARSecurity@e.netgear.com". Note, "e.netgear.com". not "netgear.com".
The download link provided for to recover the password is "http://kb.netgear.com/app/answers/detail/a_id/30632", note the address, "kb.netgear.com", not "netgear.com".
In an age we are constantly told to be vigilant against scams to maintain security, it appears to me that Netgear is perhaps one communications hardware company that makes it very difficult to determine wether an email is or is not valid, at least from Netgear as they appear to have a number of internet addresses any of which can be used to communicate with their customers and any of which can be used as links to send customers to.
I agree, but your questions are more properly addressed to The Community Manager or Forum Moderator.
You are correct that the email address of the source of the email I received is: From:NETGEAR Security <NETGEARSecurity@e.netgear.com>
My main complaint is that I was explicitly told by a Netgear Telephone Support Rep that the email is a scam and that I should ignore it. The email address tended to confirm the Tech's statement. It appeared to me as being suspect.
I carry no brief to defend Netgear.
From all the discussions and comments by the Community Manager and Forum Moderator and high volume posters it appears that the email is legit
hawkeye
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
Got an email.
I have a WNDR 4500 v3.
I read the website and it does not state this model as being affected? Is it?
I do not have and "advanced tab in my genie. Where do I find it?
I searched the users manual for the term "remote management". and it can not find it.
(None of this makes sense. Why would I enable "passowrd recovery for for security??)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
The ADVANCED tab is not in NetGear Genie App. It is found when you login to your router like your router. put http://www.routerlogin.com in an open browser address bar. Enter user name and password (usually admin and password unless you changed them). It opens NetGear Genie on your computer. There are two tabs--Basic and Advanced. Choose ADVANCED tab and then click on "Advanced Setup". In the dropdown menu, select "Remote Access"
At top of the window that opens is a checkbox to TURN ON REMOTE MANAGEMENT.
I have never turned this on but am able to use NetGear Genie on my cellphone to switch channels. So not sure what all is included in REMOTE MANAGEMENT but I haven't needed to turn on to manage my WiFi Network using cellphone.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security email: Disable remote management
@Annoyed666 wrote:Got an email.
I have a WNDR 4500 v3.
I read the website and it does not state this model as being affected? Is it?
I do not have and "advanced tab in my genie. Where do I find it?
I searched the users manual for the term "remote management". and it can not find it.
(None of this makes sense. Why would I enable "passowrd recovery for for security??)
The WNDR4500v1 and WNDR4500v2 are listed. Wonder if the just forgot to add WNDR4500V3 or if really is not affected by this security issue.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more