Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

More Security Holes Discovered in Netgear Routers

February 2, 2017

Netgear is in the cross hairs again. Researchers at Trustwave have discovered two vulnerabilities that allow recovery of the administrative password to anyone with network access to the device. This is particularly disturbing if you have enabled administrative access from outside the network. I would never recommend that you allow the router to be configured from a device residing on the Internet. The vulnerability does leave you exposed to anyone on the inside network, but that's better than opening it up to the entire world.

The vulnerabilities impact over 30 models of Netgear routers. All of the impacted models are listed on the welivesecurity site. Netgear has fixed the problems in a new firmware release for around 20 of the models. If you have an impacted model, immediately install the firmware update if available. Make sure you disable remote management even if you've installed updated firmware.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
http://www.senseient.com