Netgear router owners please update your firmware

Published by

teaser

Back in December a vunerability has been exposed on Netgear routers. Most routers already had firmware updates available and most of them can be updated. However Both Netgear and Cert now again issue a warning, please up update your firmware ASAP.



The problem is that due to a security issue anyone can login to your router as the admin password can be read out from the web-side. All information and firmware links can be found here.

If your router is not in the list just yet, please simply disable remote management. Which properly is an advise for any router in existence. 

Firmware fixes are currently available for the following affected devices. To download the firmware release that fixes the password recovery vulnerability, visit the firmware release page for instructions:

  • R8500
  • R8300
  • R7000
  • R6400
  • R7300
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250 
  • R6700 
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2

NETGEAR has also released firmware that fixes the web password recovery vulnerability for the following cable modem router:

  • C6300

For cable products like the C6300, new firmware is released by your Internet service provider after NETGEAR releases it to them. The firmware fix for the C6300, firmware version 2.01.18, has been released to all service providers. Until your service provider releases the firmware fix to you, NETGEAR strongly recommends that you use the workaround procedure explained in this article. To see your C6300’s current firmware version, visit the following knowledge base article and follow the instructions: How do I view the firmware version of my cable modem or modem router?.

NETGEAR has tested the following devices and confirmed that they are not affected by the web password recovery vulnerability:

  • DGN2200v4
  • V6510

For the following affected products, NETGEAR recommends using the workaround procedure explained in this article.

Router Model and Firmware Version:

  • R6200 v1.0.1.56_1.0.43
  • R6300 v1.0.2.78_1.0.58
  • VEGN2610 v1.0.0.36
  • AC1450 v1.0.0.34_10.0.16
  • WNR1000v3 v1.0.2.68_60.0.93
  • WNDR3700v3 v1.0.0.40_1.0.32
  • WNDR4000 v1.0.2.4_9.1.86
  • WNDR4500 v1.0.1.44_1.0.73

DSL Gateway Model and Firmware Version:

  • D6400 v1.0.0.44
  • D6220 v1.0.0.12
  • D6300 v1.0.0.96
  • D6300B v1.0.0.40
  • DGN2200Bv4 v1.0.0.68

If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remediate the vulnerability:

  1. Manually enable the password recovery feature on your device.
    For more information, visit Configuring router administrative password recovery.
  2. Ensure that remote management is disabled.
    Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/.

The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.

Netgear router owners please update your firmware


Share this content
Twitter Facebook Reddit WhatsApp Email Print