security (525 topics)

OTP Security for Browser Admin Accounts
I use a NetGate router with one port dedicated to the WAX610. I do that so I can impose firewall rules to limit mobile access to the rest of our LAN. Does anyone know if NetGear plans to add MFA to the browser based admin & user accounts of its access points? Please don't send me to Insight. I want to reduce my attack surface, not increase it.

57 views, 0 likes, 4 comments

WAX610 – 802.1X Supplicant on Wired Uplink Port – Feature Availability
Hello NETGEAR Support Team,

I am currently deploying a network infrastructure using several WAX610/WAX620 access points (firmware up to date) combined with a MS510TXPP managed switch. As part of my security architecture, I would like to enable 802.1X port authentication on the switch ports connected to the access points, in order to prevent unauthorized access in the event an AP is physically removed and replaced by a rogue device. This requires the WAX610 to act as an 802.1X supplicant on its wired uplink/LAN port — independently from the 802.1X authenticator role it already plays for wireless clients via RADIUS.

After reviewing the WAX610 user manual thoroughly, I could not find any mention of this capability on the wired port. My questions are:

- Does the WAX610 currently support 802.1X supplicant functionality on its wired uplink port?
- If not, is this feature on the roadmap for a future firmware release?

This is a fairly standard enterprise security requirement, and I believe many customers deploying WAX610 in environments where physical security of the AP cannot be fully guaranteed would benefit from it.

Thank you for your time and assistance. Best regards

33 views, 0 likes, 1 comment

WAX210 Firmware 1.1.0.34 Bug – SSID Password Complexity Incorrectly Enforced
Hi everyone — I’m seeing what looks like a firmware regression on the WAX210 after updating to v1.1.0.34, and I want to report it in case others are affected.

After updating, the AP now refuses to save any configuration changes (even unrelated ones like just renaming the Access Point). The UI throws this error:

SSID1: SSID passphrase length must be between 8 and 63 characters, and contain at least one uppercase letter, one lowercase letter, one number, and one special symbol.

This happens even when the SSID password is not edited at all. The AP loads the existing (valid) WPA2/WPA3 passphrase and flags it as invalid due to a complexity requirement that didn’t exist before. This appears to be the AP Login Password complexity policy being mistakenly applied to SSID passphrases, which contradicts the official manual. SSID passwords for WPA2/WPA3 should only require 8–63 characters.

Reproduction Steps
1. Update WAX210 to firmware 1.1.0.34
2. Log into the web interface
3. Make any change (example: AP Name only)
4. Click Apply
5. The SSID password complexity error appears, even though SSID settings were untouched

Impact
The AP cannot accept any configuration changes unless the SSID password is replaced with a much more complex passphrase. This forces a complete re-key of all connected devices.

Expected Behavior
Per the WAX210 User Manual, SSID passphrases should be valid with:
- 8 to 63 characters
- No requirements for uppercase/lowercase/digits/symbols
Those rules worked correctly in previous firmware versions.

Current Workaround
Rolling back to firmware 1.1.0.25 or 1.1.0.20 fully resolves the issue.

Request
Can Netgear please confirm whether this is a regression in 1.1.0.34 and escalate to the firmware engineering team? This issue effectively prevents configuration of the device.

I can provide:
- Screenshots of the error dialog
- A configuration backup
- A short video showing the issue
- Exact hardware revision and serial if needed

Thanks in advance.

866 views, 4 likes, 20 comments

Advanced 802.1Q VLAN Doesn't Block Untagged Traffic?
I think the answer might be obvious. Lower-end Netgear switches are not managed using VLAN traffic, so they allow all untagged traffic to pass through. Is this correct? For example, a port is configured with VLAN ID 10 for untagged traffic and its PVID is 10. It will tag the traffic correctly and all the traffic will go to the correct subnet. However, if I manually configure my IP, I can access any other device on the link that is not VLAN aware. This could be another Netgear switch or a MoCA device.

My configuration:
Devices: GS308EP, GS305E

Request: List of Products That Perform Cryptographic Key Provisioning
We are reviewing your networking products for internal compliance purposes. Could you please confirm which of your hardware-based products (e.g., switches, routers, relays, gateways) include any of the following cryptographic functions:

- Provisioning or distribution of encryption keys to other devices
- Acting as a MACsec Key Server (e.g., providing CAKs/SAKs to peers via MKA)
- Providing IPsec/IKEv2 key exchange for other systems
- Embedded EAP/PKI certificate provisioning or CA functions
- Managing network-wide encryption policies or certificate trust for other devices

We are not asking about encryption used only for login/authentication (e.g., HTTPS, SNMPv3, 802.1X), or encryption used solely for the unit’s own interfaces. This request is limited to cases where the product provides or manages encryption on behalf of other devices.

If possible, please provide a list or matrix identifying which models include any of the above features. Any documentation that describes these capabilities would also be appreciated.

Thank you for your support.

160 views, 0 likes, 0 comments

WAX620 V10.8.13.2 generating apparently bogus auth messages
I'm seeing messages for the MAC address of a Tuya Smart device authenticating and deauthenticating repeatedly to one of my SSIDs. There is no such device in my house. Is this a neighbor's device or a bug, or combination of the two? I tried creating a MAC ACL for it, which didn't completely stop the auth messages -- the WAX620 still reported periodic auths along with block messages. I've changed the SSID password (WPA3/2) and turned off the four devices using that SSID, but the messages continue. Below is a sample; the first form is seen every few seconds. No associated device ever makes a DHCPREQUEST.

May 13 14:21:16 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: authenticated
May 13 03:45:52 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: Station deauthenticated due to reason code 34
May 13 04:00:37 hostapd: wifi0vap2: STA a8:80:55:3c:be:c5 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

637 views, 1 like, 2 comments