NETGEAR Password Recovery and Exposure Security Vulnerability

NETGEAR is aware of the security issue that can expose GUI login passwords while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router. Remote management is disabled by default; users can turn on remote management through advanced settings.

Firmware fixes are currently available for the following affected devices. To download the firmware release, which fixes the password recovery vulnerability, click on the link for your model and visit the firmware release page for instructions:

NETGEAR has also released firmware that fixes the web password recovery vulnerability for the following cable modem router:

  • C6300

For cable products like C6300, new firmware is released by your Internet service provider after NETGEAR releases it to them. The firmware fix for the C6300, firmware version 2.01.18, has been released to all service providers. Until your service provider issues the fixed firmware to you, NETGEAR strongly recommends that you use the workaround procedure explained in this article. To see your C6300's current firmware version, visit the following Knowledge Base article and follow the instructions: How do I view the firmware version of my cable modem or modem router?.

NETGEAR has tested the following devices and has confirmed that they are not affected by the web password recovery vulnerability:

  • V6510

For the following affected products, NETGEAR recommends using the workaround procedure explained in this article.

Router Model and Firmware Version:

  • R6200 v1.0.1.56_1.0.43
  • R6300 v1.0.2.78_1.0.58
  • VEGN2610 v1.0.0.14_1.0.12
  • AC1450 v1.0.0.34_10.0.16
  • WNR1000v3 v1.0.2.68_60.0.93
  • WNDR3700v3 v1.0.0.38_1.0.31
  • WNDR4000 v1.0.2.4_9.1.86
  • WNDR4500 v1.0.1.40_1.0.68

DSL Gateway Model and Firmware Version:

  • D6300 v1.0.0.96
  • D6300B v1.0.0.40
  • DGN2200Bv4 v1.0.0.68
  • DGN2200v4 v1.0.0.76

If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remedy the vulnerability:

  1. Manually enable the password recovery feature on your device.
    For more information, visit Configuring administrative password recovery.
  2. Ensure remote management is disabled.
    Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/.

The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.

http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.