Netgear Router Passwords Vulnerable to Hack, Firmware Fix Issued for Most Affected Models

Advertisement
By Shekhar Thakran | Updated: 1 February 2017 16:04 IST
Highlights
  • Netgear has issued a fix for 18 out of 31 vulnerable routers
  • The flaw was exposed by cyber-security firm Trustwave
  • Devices with remote management enabled vulnerable to hack
Netgear Router Passwords Vulnerable to Hack, Firmware Fix Issued for Most Affected Models

Netgear has issued firmware updates for several of its router models in response to a vulnerability, which was exposed by a cyber-security firm, on its devices that could reportedly be used by hackers to get full access to the device by recovering the admin password. Netgear has acknowledged that the vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router. The firmware updates follow a warning by US-CERT in December that along with Netgear identified three vulnerable routers made by the company.

Trustwave, the firm which disclosed the flaw, has claimed that the vulnerability is present on more than 10,000 devices that are remotely accessible. "The real number of affected devices is probably in the hundreds of thousands, if not over a million," Trustwave researcher Simon Kenin said in his blog post. In total, 31 models have been listed as vulnerable to the disclosed flaw and Netgear has issued a patch for 18. Two of the models that were previously listed as vulnerable are listed as non-vulnerable now, Kenin points out. The flaw allows attackers to access Web GUI login passwords while password recovery is disabled.

Lazy Encryption Practices Endanger Millions of Internet-Enabled Devices: Report

Even though the remote management feature is turned off by default on devices, it can be turned on through advanced settings by users, Netgear said in its post. The firmware fix has been made available by the company for the following models:

Advertisement
  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400

Netgear has also released firmware fix for the Web password recovery vulnerability for model V6510. The company has also issued a workaround measure for those devices that are vulnerable but have not received the firmware fix as of now. The gist of the workaround is to manually enable password recovery feature and ensure that remote management is disabled.

Readers who are currently using Netgear branded devices are strongly advised to update their model by going to the dedicated page from company's official post in order to avoid being exposed to a hack.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Netgear Router Vulnerability, Router Remote Management Vulnerability, Netgear Router Vulnerability Fix, Trustwave, Cyber Security, Netgear Routers, PC, Laptops
Budget 2017: IRCTC Service Charge Waived on Booking Tickets Online
Nokia P1 Concept Render Video Highlights Flagship Nokia Android Phone's Design
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. iQOO 13 and More Available With Discounts During iQOO 5th Anniversary Sale
  2. Apple Announces iOS 26 With Liquid Glass Design, These New Features
  3. iOS 26, iPadOS 26 Are Compatible With These iPhone and iPad Models
  4. Poco F7 India Launch Teased; Flipkart Availability Confirmed
  5. Everything We Know About the Vivo T4 Ultra Ahead of Its June 11 Launch
  6. Samsung Galaxy Z Fold 7 Claimed to Be Thinnest, Lightest Foldable to Date
  7. Apple Turns Your iPhone Into Handheld Mic for Karaoke With tvOS 26
  8. Tata Motors to Invest up to $4 Billion Over Five Years for EVs, New Cars
  9. Lava Storm Play 5G, Storm Lite 5G Design Teased; India Launch Date Set
#Latest Stories
  1. WWDC 2025: visionOS 26 Announced With Improvements to Personas and New Spatial Features
  2. Samsung Galaxy Z Fold 7 Teased; Claimed to Be Slimmest, Lightest, and Most Advanced Foldable Yet
  3. Konami to Host Livestream Focussed on Metal Gear Solid Delta: Snake Eater and Silent Hill f This Week
  4. Disney to Pay Comcast $439 Million More for Its Hulu Stake
  5. WWDC 2025: Apple Announces tvOS 26 With Liquid Glass Design, Personalised FaceTime Experience, and More
  6. SpaceX Launches SiriusXM’s SXM-10 Satellite, Nails Booster Landing
  7. Tata Motors to Invest up to $4 Billion Over Five Years for EVs, New Cars
  8. iOS 26 and iPadOS 26 Drop Support for Three Older Devices: Check If Yours Made the Cut
  9. WWDC 2025: macOS Tahoe 26 to Be the Last Major Software Update for Intel-Powered Macs
  10. Apple Rolls out iOS 26 Beta 1; Know How to Download and Install, Check Compatible iPhone List
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.