search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Netgear FVS318N router default remote management vulnerability

Vulnerability Note VU#928795

Original Release Date: 2012-04-02 | Last Revised: 2013-04-03


Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default.


Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote (WAN) internet users access to the administrator web interface of the device by default.


A remote unauthenticated attacker may be able to access the administrator web interface of the device.


We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information

Expand all

Netgear, Inc.

Notified:  January 16, 2012 Updated:  January 16, 2012



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.1 E:F/RL:W/RC:UC
Environmental 1.6 CDP:L/TD:L/CR:ND/IR:ND/AR:ND



Thanks to David Barker of Electrosonics, Inc. for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Date Public: 2012-04-02
Date First Published: 2012-04-02
Date Last Updated: 2013-04-03 19:26 UTC
Document Revision: 15

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.