We previously covered the release of the NETGEAR Insight App as part of the OS 6.6 upgarde (read our review here).
NETGEAR is aware of a security vulnerability in the password management system used for the NETGEAR Insight app.
This security vulnerability is present in the following app versions:
- NETGEAR Insight iOS and Android apps, version 2.12 and earlier
NETGEAR has fixed this security vulnerability in the latest version of both the iOS and Android Insight apps, version 2.42.
If automatic app updates are enabled on your iOS or Android device, your mobile device will download these app updates automatically; you do not need to take any action to receive the security fix in this update. However, you might be prompted to change your password the next time you log in.
If automatic app updates are disabled on your iOS or Android device, you must download the latest version of the Insight app to receive the fix for the password management security vulnerability. You might also be prompted to change your password the next time you log in. For more information about downloading app updates, see the documentation for your mobile device or mobile operating system.
NETGEAR strongly recommends that all affected users download the app update that fixes the password management security vulnerability as soon as possible.
You might be unable to log in or use the Insight app until you update to the latest version. NETGEAR is not responsible for any consequences that could have been avoided by updating to the latest version of the Insight app as recommended in this notification.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR’s mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at firstname.lastname@example.org.
For all other issues, visit http://www.netgear.com/about/security/.
The email@example.com email address is no longer accepting messages and is no longer actively monitored.
If you liked this article, please consider sharing it with your friends and leaving a comment below.