Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

Discussion in 'Technical' started by sec_monkey, Feb 17, 2015.

  1. sec_monkey

    sec_monkey SM Security Administrator

  2. Yard Dart

    Yard Dart Vigilant Monkey Moderator

    sec_monkey likes this.
  3. Dunerunner

    Dunerunner Brewery Monkey Moderator

    Thanks for the heads up, SM... [winkthumb]
    sec_monkey likes this.
  4. Motomom34

    Motomom34 Moderator Moderator Site Supporter+++

    We have Netgear. Thanks @sec_monkey, I truly appreciate the alert on this one.
    sec_monkey likes this.
  5. sec_monkey

    sec_monkey SM Security Administrator


    Nearly all WiFi routers have similar flaws. WiFi is not secure :(

    Wired routers also have flaws, WiFi just makes flaws much worse.
    Yard Dart and Motomom34 like this.
  6. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Just swapped out my Netgear (ran GREAT for several years) for Asus RT-68W, though found out about this flaw reading this thread. Always read the manual thoroughly, turn off anything you don't need, and for heaven's sake don't use your dog's name as the admin or other passwords. If you do, at least spell it funky - Rover = r0V3r!
    Last edited: Feb 17, 2015
  7. Airtime

    Airtime Monkey+++

    Motomom34 likes this.
  8. Mindgrinder

    Mindgrinder Karma Pirate Ninja|RIP 12-25-2017

    3M-TA3 and sec_monkey like this.
  9. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Respelled my way - pHy6@u#
    sec_monkey and Motomom34 like this.
  10. 3M-TA3

    3M-TA3 Cold Wet Monkey

  11. melbo

    melbo Hunter Gatherer Administrator Founding Member

  12. Altoidfishfins

    Altoidfishfins Monkey+++

    Thanks Sec-

    I have one of the affected models but the remote mgmt is turned off. I've owned this unit for 3 or 4 years and it still has the original firmware, which is not one of those listed. Looks like I won't be updating the firmware anytime soon.

    Also - if given the option, NEVER broadcast your SSID unless you have to in order to set up a wireless device for the first time on your network. Then TURN IT OFF when you're done.

    And use good encryption - not WEP! I'm sure it can all be hacked, but the more difficult it is to do, the less likely it will happen.

    I'm certainly no networking guru, but a little common sense can go a long way.
    Mindgrinder and kellory like this.
  13. Mindgrinder

    Mindgrinder Karma Pirate Ninja|RIP 12-25-2017



    TBH - when resetting my customers' email passwords, if they can't quickly come up with a good pw that they can remember - I suggest 5555551212V0T1W0 (phone number starting with # followed by their postal codes, or vice versa).
    Last edited by a moderator: Mar 5, 2015
    Motomom34 likes this.
  14. Airtime

    Airtime Monkey+++

    Hmmm... Four words eh? Got it!
    Damn password remember can't

    Even got a capital letter and punctuation mark in there!
  15. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

  16. Yard Dart

    Yard Dart Vigilant Monkey Moderator

    I guess that means that I should not use admin as a password?? Crap, I have some changes to do :lol:
    Altoidfishfins and Tully Mars like this.
  17. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Try "password" - nobody will ever guess it...
