A security warning I received today from Netgear regarding vulnerabilities in some of their products.
Security Advisory Notification
We have become aware of vulnerabilities involving certain NETGEAR products and have issued a security advisory. Our records indicate that you may own a NETGEAR product that is one of the impacted products, specifically the model set forth above.
We have released hotfixes addressing some of the vulnerabilities for certain impacted models and continue to work on hotfixes for the remaining vulnerabilities and models, which we will release on a rolling basis as they become available. We strongly recommend that you download the latest firmware containing the hotfixes as instructed in the security advisory. We plan to release firmware updates that fix all vulnerabilities for all affected products that are within the security support period.
Until a hotfix or firmware fix is available for your product, we strongly recommend turning off Remote Management in your product Web GUI (not to be confused with Remote Management in the Nighthawk app).
Turning off Remote Management in your product Web GUI significantly reduces your risk of exposure to these vulnerabilities.
Please keep in mind that Remote Management in your product Web GUI is turned off by default, so if you never enabled Remote Management in your product Web GUI, you do not need to take any action to disable Remote Management in your product Web GUI.
Please note that the Remote Management feature in your product Web GUI is different from the Remote Management feature in the Nighthawk app. You do not need to turn off Remote Management in the Nighthawk app and doing so will not serve as a workaround for these vulnerabilities.
If you have Remote Management in your product Web GUI turned on, please turn it off immediately.
How to turn off Remote Management in your product Web GUI:
- On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter .
- Enter your admin user name and password and click OK . If you never changed your user name and password after setting up your router, the user name is admin and the password is password .
- Once you have logged in successfully, select the ADVANCED tab on the browser screen.
- Click on Advanced Setup
- Click on Remote Management .
Note: on some products you may need to click on Web Services Management instead
- If the check box for Turn Remote Management On is checked, click on it so that the box is unchecked. Then click Apply to save your changes.
- If the check box for Turn Remote Management On is unchecked, then click Cancel to leave the page as Remote Management is already turned off.
As a reminder NETGEAR recommends following best practices to secure your home network by using a strong & unique WiFi password, and not sharing your WiFi password. Use the Nighthawk App to monitor devices connected to your WiFi network, and block unknown devices; check that your product has the latest firmware and update it with a single click.
This community article will be updated as new information becomes available.