Security
32 Topics

OTP Security for Browser Admin Accounts
I use a NetGate router with one port dedicated to the WAX610. I do that so I can impose firewall rules to limit mobile access to the rest of our LAN. Does anyone know if NetGear plans to add MFA to the browser-based admin & user accounts of its access points? Please don't send me to Insight. I want to reduce my attack surface, not increase it.
59 Views, 0 likes, 4 Comments

WAX610 – 802.1X Supplicant on Wired Uplink Port – Feature Availability
Hello NETGEAR Support Team,

I am currently deploying a network infrastructure using several WAX610/WAX620 access points (firmware up to date) combined with a MS510TXPP managed switch. As part of my security architecture, I would like to enable 802.1X port authentication on the switch ports connected to the access points, in order to prevent unauthorized access in the event an AP is physically removed and replaced by a rogue device. This requires the WAX610 to act as an 802.1X supplicant on its wired uplink/LAN port — independently from the 802.1X authenticator role it already plays for wireless clients via RADIUS. After reviewing the WAX610 user manual thoroughly, I could not find any mention of this capability on the wired port.

My questions are:
1. Does the WAX610 currently support 802.1X supplicant functionality on its wired uplink port?
2. If not, is this feature on the roadmap for a future firmware release?

This is a fairly standard enterprise security requirement, and I believe many customers deploying WAX610 in environments where physical security of the AP cannot be fully guaranteed would benefit from it.

Thank you for your time and assistance.
Best regards
37 Views, 0 likes, 1 Comment

WAX210 Firmware 1.1.0.34 Bug – SSID Password Complexity Incorrectly Enforced
Hi everyone — I’m seeing what looks like a firmware regression on the WAX210 after updating to v1.1.0.34, and I want to report it in case others are affected.

After updating, the AP now refuses to save any configuration changes (even unrelated ones like just renaming the Access Point). The UI throws this error:

SSID1: SSID passphrase length must be between 8 and 63 characters, and contain at least one uppercase letter, one lowercase letter, one number, and one special symbol.

This happens even when the SSID password is not edited at all. The AP loads the existing (valid) WPA2/WPA3 passphrase and flags it as invalid due to a complexity requirement that didn’t exist before. This appears to be the AP Login Password complexity policy being mistakenly applied to SSID passphrases, which contradicts the official manual. SSID passwords for WPA2/WPA3 should only require 8–63 characters.

Reproduction Steps
1. Update WAX210 to firmware 1.1.0.34
2. Log into the web interface
3. Make any change (example: AP Name only)
4. Click Apply
5. The SSID password complexity error appears, even though SSID settings were untouched

Impact
The AP cannot accept any configuration changes unless the SSID password is replaced with a much more complex passphrase. This forces a complete re-key of all connected devices.

Expected Behavior
Per the WAX210 User Manual, SSID passphrases should be valid with:
- 8 to 63 characters
- No requirements for uppercase/lowercase/digits/symbols
Those rules worked correctly in previous firmware versions.

Current Workaround
Rolling back to firmware 1.1.0.25 or 1.1.0.20 fully resolves the issue.

Request
Can Netgear please confirm whether this is a regression in 1.1.0.34 and escalate to the firmware engineering team? This issue effectively prevents configuration of the device.
I can provide:
- Screenshots of the error dialog
- A configuration backup
- A short video showing the issue
- Exact hardware revision and serial if needed

Thanks in advance.
906 Views, 4 likes, 20 Comments

WAX620 V10.8.13.2 generating apparently bogus auth messages
I'm seeing messages for the MAC address of a Tuya Smart device authenticating and deauthenticating repeatedly to one of my SSIDs. There is no such device in my house. Is this a neighbor's device or a bug, or combination of the two? I tried creating a MAC ACL for it, which didn't completely stop the auth messages -- the WAX620 still reported periodic auths along with block messages. I've changed the SSID password (WPA3/2) and turned off the four devices using that SSID, but the messages continue. Below is a sample, the first form is seen every few seconds. No associated device ever makes a DHCPREQUEST.

May 13 14:21:16 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: authenticated
May 13 03:45:52 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: Station deauthenticated due to reason code 34
May 13 04:00:37 hostapd: wifi0vap2: STA a8:80:55:3c:be:c5 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

638 Views, 1 like, 2 Comments

TLS 1.0 & 1.1 active in WAX625 https web interface
Having TLS 1.0 and TLS 1.1 supported in https web interface makes Wifi WAX product line susceptible to TLS attacks:
- BEAST Attack
- CRIME Attack
- RC4 Attack
- Weak Cipher Suites Attack
- Attacks renegotiation

And the product is unfortunately shown to be non-compliant with security scans, just for that unfortunate reason. The firmware is V10.8.11.4 and I cannot find a security option about TLS. Are there hidden options somewhere? Would it be possible to add an option to only support TLS 1.2 (and not 1.0 and 1.1)? [ I mean, as far as software is concerned, this is mostly a change of a numerical constant somewhere. ]
1K Views, 0 likes, 4 Comments

WAX220 Guest Network - Unsecured
Do not buy this Access Point and expect a secure Guest Network. The original firmware had an option for L2 Isolation, but updating removes this option and reverting does not restore it. The Guest Network is broken, since it allows access to any device connected to the internal network via Ethernet with no way of isolating. It is a bad joke that even the WAX214 has better security and allows for L2 Isolation on both guest and regular SSIDs. In 2023, implementing a proper Guest Network is something that is apparently too complex for the firmware developers here. They'll push for selling more cloud subscription crap, but they can't even get something like this done correctly. No idea how anybody could justify paying a monthly fee and expect things to be properly secured after seeing this. Also, the timezone seems to keep defaulting itself to Pacific Standard Time. Did QA even test this model?
Solved, 5.6K Views, 0 likes, 14 Comments

WAC104 Passphrase masked
How do I unmask the passphrase in the security options on the wireless setup page admin site for my WAC104? I want to verify the password but the passphrase fields are masked with ****. How do I unmask them to see the current settings? Please see attached screenshot. Thanks in advance for any assistance.
1.2K Views, 0 likes, 2 Comments

WAX 610 Password
We have 4 WAX610 devices with Firmware 10.3.2.2. A technician did not document the password and now we can't access the single APs' website. I reset the Insight password and I know in the other sites I can connect using the Insight password. But in this case it is not working. I restarted all Access Points and hoped the password would work but no success. Is there anything I could try besides resetting the APs? The local admin wants to look into the APs, so that is the reason for this question.
Best regards, Bernd
2.3K Views, 0 likes, 4 Comments