This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I am a bit upset , having received an e-mail from Netgear , that the security of my router may be compromised via the remote password management process . Getting answers from Netgear is a bit tedious and difficult . It seems to me that Netgear should be more easily available to answer questions and provide more detailed advice . It appears the only way to get answers or guidance is through the Netgear community ... I think I have concluded that I have nothing to be concerned about since my router is primarily used for Mac's ( IMac desktop and a MacBook laptop ) and the Sarfari browser . Safari does not support the "remote password recovery management " process. The NetGearGenie is set up on my Mac ... I do have one PC connected to the Wi-Fi router but that PC has no NetGearGenie installed .... Am I to assume that I should have no concern with the remote password management security risk for either my Mac's or the one PC ???
If that is the case , Netgear could have noted this "Safari" exclusion in their e-mail . Additionally , the firmware version for my router ( which is up to date ) is not the same firmware version noted in conjuction with Netgears security risk e-mail ; however Netgear does not make it clear that the security compromise is firmware specific ... Any answers or comments out there ????
If I'm not mistaken, the vulnerability is not specific to Windows or OSX or even what browser you are using. But the vulnerability appears to require the attack to originate from within your own network, which implies that your computer or device must already be compromised through some other means (e.g. malware on your computer). From your compromised computer, an attacker can then launch on attack on your router to gain control of it unless you follow the two recommendations in the email:
Enable password recovery under ADVANCED > Administration > Set Password on the R7000.
Because of the prerequisite (i.e. a compromised computer), I feel that the risk of this vulnerability is fairly low. If your computer is comprised, then it's already game over. I would definitely recommend keeping Remote Management disabled but you may be able to get away with leaving password recovery disabled.
This is strictly my personal opinion. Caveat emptor.
I am Andies13 ... being new to this forum I did not find a solution or answer to my original post . Trying to read and understand replies to my post I clicked on several items by mistake . I am still unsure as to whether or not I have an issue and/or whether my router has been compromised . It would be nice to get a response directly from Netgear .
I am learning how this forum works ( new to all this ) ; however I am no computer Geek and I am still learning ... So , checking my firmware version , it starts with 1.0.6.28 ... My NetGearGenie states my router is up-to-date . Therefore I am thinking my version is particular to a Mac download . Perhaps this is consistent to the possiblity that there is in fact a distinction between Mac's Safari and PC vulnerabilities ... It would be nice to get a NetGear response to my post .
The vulnerability is on the router itself, not on the Mac or PC. There is no Mac-specific firmware. Routers are agnostic to the computers on your network.
BTW, Netgear recalled 1.0.6.28 due to other bugs.
The current, official release is 1.0.5.70. You can download it from here (link).
