====== Hardware - Routers - Netgear Routers ======
**ALERT:** Recommendation is to stay away, as security is taken very lightly.
----
===== Genie Issue =====
Many Netgear routers have a [[https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Modem-Routers-PSV-2017-1208|remote authentication bypass]] bug.
This means malware or miscreants that are on your network, or anyone else is able to reach the device's web-based configuration interface, can gain control without having to provide a password.
Just stick the following in the URL to gain full access:
&genie=1
**NOTE:** The **genie_restoring.cgi** script, provided by the box's built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.
----
===== Protected Setup button Issue =====
Pressing the Wi-Fi Protected Setup button, many of Netgear's routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.
----
===== References =====
https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Modem-Routers-PSV-2017-1208
https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677