NETGEAR is aware of a security issue that can expose hard-coded API keys and session IDs, which allows attackers to add and delete devices via OpenDNS servers.
This vulnerability affects the NETGEAR genie app for Android devices, firmware versions 2.4.28 and earlier.
To prevent this issue, NETGEAR strongly recommends that you download firmware version 2.4.34 of the NETGEAR genie app for Android devices.
Click the following link to download firmware version 2.4.34 of the NETGEAR genie app for Android devices:
https://play.google.com/store/apps/details?id=com.dragonflow&feature=search_result#?t=W251bGwsMSwyLDEsImNvbS5kcmFnb25mbG93Il0&cid=wmt_netgear_organic
By updating your NETGEAR genie app for Android to firmware version 2.4.34 or later, session IDs and API keys are invisible to potential attackers.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit http://www.netgear.com/about/security/.
The security@netgear.com email address is no longer accepting messages and is no longer actively monitored.
Last Updated:02/10/2017
|
Article ID: 30922