Potentially more than one million NETGEAR routers are vulnerable to flaws that can lead to password disclosure. These vulnerabilities leave routers susceptible to both local and remote attackers through exploitation of the remote management feature. NETGEAR claims this feature is disabled by default, but the nearly one million devices with it enabled show otherwise. NETGEAR was informed of these vulnerabilities in April 2016, and in July 2016 it provided firmware updates for only a few of the affected models.
The most recent report lists 31 vulnerable router models, and only 18 of those have the proper patches readily available. If your device does not have a patch available, you need to manually enable password recovery and disable remote management to avoid potential problems.
“The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification,” stated NETGEAR.
Leaving hard-coded and potentially vulnerable passwords like this in place leaves these devices open for the taking by malware such as Mirai. Once infected with Mirai, the device is joined to the IoT botnet that is currently responsible for the largest DDoS attack ever recorded.