====== Hardware - Routers - Netgear Routers ======

<WRAP alert>
**ALERT:**  Recommendation is to stay away, as security is taken very lightly.
</WRAP>

----

===== Genie Issue =====

Many Netgear routers have a [[https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Modem-Routers-PSV-2017-1208|remote authentication bypass]] bug.

This means malware or miscreants that are on your network, or anyone else is able to reach the device's web-based configuration interface, can gain control without having to provide a password.

Just stick the following in the URL to gain full access:

<code>
&genie=1
</code>

<WRAP important>
**NOTE:**  The **genie_restoring.cgi** script, provided by the box's built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.

</WRAP>

----

===== Protected Setup button Issue =====

Pressing the Wi-Fi Protected Setup button, many of Netgear's routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.

----

===== References =====

https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Modem-Routers-PSV-2017-1208

https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677