NETGEAR has become aware of a security issue that can expose web GUI login passwords while the password recovery feature on your NETGEAR device is disabled. This vulnerability occurs when an attacker can access your internal network or when remote management is enabled on your NETGEAR device.
To check if your NETGEAR product is affected, view the products affected.
What You Can Do:
NETGEAR strongly recommends that you follow these two steps to remediate the vulnerability:
- Manually enable the password recovery feature on your device. For more information visit: http://kb.netgear.com/app/answers/detail/a_id/20027/~/configuring-router-administrative-password-recovery
- Ensure that remote management is disabled. Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/
The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware fix becomes available.