
R7000 password recall ... remote management

I am a bit upset, having received an e-mail from Netgear, that the security of my router may be compromised via the remote password management process. Getting answers from Netgear is a bit tedious and difficult. It seems to me that Netgear should be more easily available to answer questions and provide more detailed advice. It appears the only way to get answers or guidance is through the Netgear community ... I think I have concluded that I have nothing to be concerned about since my router is primarily used for Macs (iMac desktop and a MacBook laptop) and the Safari browser. Safari does not support the "remote password recovery management" process. The NetGearGenie is set up on my Mac ... I do have one PC connected to the Wi-Fi router but that PC has no NetGearGenie installed .... Am I to assume that I should have no concern with the remote password management security risk for either my Macs or the one PC???

If that is the case, Netgear could have noted this "Safari" exclusion in their e-mail. Additionally, the firmware version for my router (which is up to date) is not the same firmware version noted in conjunction with Netgear's security risk e-mail; however, Netgear does not make it clear that the security compromise is firmware specific ... Any answers or comments out there????

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 8


Re: R7000 password recall ... remote management

If I'm not mistaken, the vulnerability is not specific to Windows or OSX or even what browser you are using. But the vulnerability appears to require the attack to originate from within your own network, which implies that your computer or device must already be compromised through some other means (e.g. malware on your computer). From your compromised computer, an attacker can then launch an attack on your router to gain control of it unless you follow the two recommendations in the email:

  1. Enable password recovery under ADVANCED > Administration > Set Password on the R7000.
  2. Disable Remote Management under ADVANCED > Advanced Setup > Remote Management.

Because of the prerequisite (i.e. a compromised computer), I feel that the risk of this vulnerability is fairly low. If your computer is compromised, then it's already game over. I would definitely recommend keeping Remote Management disabled but you may be able to get away with leaving password recovery disabled.


This is strictly my personal opinion.  Caveat emptor.

Message 3 of 8


Re: R7000 password recall ... remote management

I am Andies13 ... being new to this forum I did not find a solution or answer to my original post. Trying to read and understand replies to my post I clicked on several items by mistake. I am still unsure as to whether or not I have an issue and/or whether my router has been compromised. It would be nice to get a response directly from Netgear.

Message 5 of 8

Re: R7000 password recall ... remote management

yup you're right @TheEther 


@Retired_Member according to this KB link, the vulnerability only affects R7000 v1.0.5.62_1.1.87

if you have the latest firmware version v1.0.5.70 then you should be okay. Follow the recommendation on the KB as well. 

Message 6 of 8

Re: R7000 password recall ... remote management

I am learning how this forum works (new to all this); however I am no computer Geek and I am still learning ... So, checking my firmware version, it starts with ... My NetGearGenie states my router is up-to-date. Therefore I am thinking my version is particular to a Mac download. Perhaps this is consistent with the possibility that there is in fact a distinction between Mac's Safari and PC vulnerabilities ... It would be nice to get a NetGear response to my post.

Message 7 of 8

Re: R7000 password recall ... remote management

The vulnerability is on the router itself, not on the Mac or PC.  There is no Mac-specific firmware.  Routers are agnostic to the computers on your network.


BTW, Netgear recalled due to other bugs.


The current, official release is  You can download it from here (link).

Message 8 of 8