NETGEAR is aware of a security vulnerability that can expose password security keys while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router.
This software vulnerability affects only certain NETGEAR devices that use the following firmware versions:
To prevent the issue, NETGEAR strongly recommends that you update to firmware v1.0.0.59, which has the password recovery page removed. Click the product link to download firmware v1.0.0.59:
The updated firmware minimizes the risk of unauthorized access to the device login account and password. If you do not update to firmware v1.0.0.59, attackers might be able to obtain the device login account and password to log in to your router setup page. NETGEAR is not responsible for any consequence that could have been avoided by following the recommendations of this notification.
Register your product at https://my.netgear.com/register/.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit http://www.netgear.com/about/security/.
The security@netgear.com email address is no longer accepting messages and is no longer actively monitored.
Last Updated: 02/15/2017
Article ID: 30490