DoctorX
Guide
Dec 18, 2016
Solved

Web GUI Password Recovery Vulnerability?

Back in June a security vulnerability was disclosed:

Web GUI Password Recovery and Exposure Security Vulnerability

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability/td-p/1104237

It didn't seem to be addressed even in the most recent firmware release, v1.0.7.6_1.1.99, which fixed the vulnerability disclosed in Security Advisory VU 582384.

Is there any update on this?

Thanks!

14 Replies

    • AVJohnnie
      Tutor

      JamesGL wrote:

      Hi DoctorX,

      Web GUI Password Recovery has been addressed already. You may check the article below.

      http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability?cid=wmt_netgear_organic

       

       


      And what about those of us with the dubious honor of owning E.O.L. (aka, officially abandoned) Netgear devices such as the 1st rev. NightHawk R7500 (EOLed 12 months after initial release) --- So what of us? Are we collectively shoe-horned under the KB30632 (C.Y.A.) section jargon: "If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remediate the vulnerability" --- and once again Netgear's customer abandonment leaves us never really knowing if our devices were or were not, vulnerable? Because Netgear prefers not to "talk publicly" about matters they deem to be potentially embarrassing...

      It's getting harder and harder to justify continuance at being a Netgear customer...

      • StephenB
        Guru

        AVJohnnie wrote:
        ... NightHawk R7500 ...

        That's not on the list at all, and isn't in the NIST CVE record either. Are you sure it's affected by this particular vulnerability?

    • DoctorX
      Guide

      Is that the same vulnerability?

      The reason I ask is that the 1.0.5.70 firmware is dated 06/02/2016 and was released on 06/15/2016.

      The (frozen) post by ChristineT (admin) describing the unresolved issue was posted on 06/22/2016.

      If it's the same issue, can the original post be unfrozen and updated?

      • JamesGL
        Master

        Hi DoctorX,

        The recent report about vulnerability is different from the Web GUI Password Recovery Vulnerability. Both issues have been addressed already.