Skip to main content

Update Netgear Routers Firmware Or Risk Password Compromise

By February 17, 2017March 1st, 2023Cybersecurity

It hasn’t been a good time for Netgear. In recent months, security researchers across the industry have identified several critical security flaws that could leave your network exposed and vulnerable to attacks.

The most recent were discovered by the security firm Trustwave which reported their findings to Netgear.

These flaws revolve around the ability to connect to the router, either in person, or via remote access and make use of the passwordrecovered.cgi, which is a trivial operation that even a hacker of modest skill can perform.

When a call is made to this routine, the router will dutifully give up its password to whoever is requesting it with no checks or validations at all. Of course, once the hacker has the admin password to the router, the rest of your network is theirs for the taking.

Netgear was a bit slow to respond to this most recent vulnerability, but they did issue an advisory about it on their website. A couple of months after that, the company followed up with a firmware update to close the security hole.

The problem is that many people don’t regularly update their router firmware. The estimates are that potentially millions of routers in service today could be unpatched, and thus vulnerable to this extremely simple, yet devastatingly effective hack.

This will definitely not the be the last such flaw discovered. Hardly a week goes by that we don’t learn of some new vulnerability in one or more critical systems that your business relies on.

In this case, the best moves you could make would be to ensure you’re running the latest firmware and disable remote router access, which limits your risk because the only other way this security flaw could be exploited is if the hacker had direct access to the equipment.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.