Author Topic: NetGear Web GUI Password Recovery and Exposure Security Vulnerability  (Read 1135 times)

Offline Hardhead

Release Date: 05/09/2016

http://kb.netgear.com/app/answers/detail/a_id/30632

Models and Firmware versions listed below:

Router Model and Firmware Version:
• R8500 v1.0.2.58_1.0.58
• R8000 v1.0.3.4_1.1.2
• R7900 v1.0.1.4_10.0.12
• R7300 v1.0.0.36_1.0.8
• R7000 v1.0.5.62_1.1.87
• R6900 v1.0.0.4_1.0.10
• R6700 v1.0.0.26_10.0.26
• R6400 v1.0.1.6_1.0.4
• R6300v2 v1.0.4.2_10.0.74
• AC1450 v1.0.0.34_10.0.16
• R6300 v1.0.2.78_1.0.58
• R6250 v1.0.4.2_10.1.10
• R6200v2 v1.0.3.8_10.1.6
• R6200 v1.0.1.56_1.0.43
• WNDR4500v2 v1.0.0.60_1.0.38
• WNDR4500 v1.0.1.44_1.0.73
• WNDR4000 v1.0.2.4_9.1.86
• WNDR3700v3 v1.0.0.40_1.0.32
• WNDR3400v3 v1.0.1.4_1.0.52
• WNDR3400v2 v1.0.0.48_1.0.75
• WNR3500Lv2 v1.2.0.34_40.0.75
• WNR1000v3 v1.0.2.68_60.0.93

 

Cable Gateway Model and Firmware Version:
• C6300 v2.01.14

 

DSL Gateway Model and Firmware Version:
• D6300 v1.0.0.96
• D6300B v1.0.0.40
• D6400 v1.0.0.44
• D6220 v1.0.0.12
• DGN2200v4 v1.0.0.66
• DGN2200Bv4 v1.0.0.68
• VEGN2610 v1.0.0.36
• V6510 v1.0.0.20


NETGEAR strongly recommends that you follow these two steps to remediate the vulnerability:
1. Manually enable the password recovery feature on your device.
   For more information, visit http://kb.netgear.com/app/answers/detail/a_id/20027/~/configuring-router-administrative-password-recovery.
2. Ensure that remote management is disabled.
   Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/.

The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.

NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware becomes available. To register your product, visit https://my.netgear.com/register/.

NETGEAR will update this KB article as more information becomes available.