NETGEAR is aware of a security vulnerability associated with the https certificate and private keys for modem routers. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router.
This software vulnerability affects only certain NETGEAR devices that use the following firmware versions:
- D3600 v1.0.0.49
- D6000 v1.0.0.49 or earlier
To prevent the issue, NETGEAR strongly recommends that you download firmware v1.0.0.59 that updates the certificate and private keys. Click the product link to download firmware v.1.0.0.59.
The updated firmware will minimize vulnerability to remote attacks. If you do not update to firmware v1.0.0.59, attackers might be able to carry out impersonation, man-in-the-middle, or passive decryption attacks, resulting in sensitive information exposure. NETGEAR is not responsible for any consequence that could have been avoided by following the recommendations in this notification.
Register your product at https://my.netgear.com/register/.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit http://www.netgear.com/about/security/.
The security@netgear.com email address is no longer accepting messages and is no longer actively monitored.
Last Updated:01/06/2017
|
Article ID: 30560