Hundreds of thousands of Netgear routers are vulnerable to password bypass. Security researcher Simon Kenin discovered the flaw and confirmed the vulnerabilities can be remotely exploited. Trustwave reported the vulnerability to Netgear in April 2016, but the company only issued updates for a number of models. The owners of the unpatched devices have to manually enable password recovery and disable remote management on their Netgear router to avoid problems. The vulnerabilities have been assigned CVE-2017-5521 and TWSL2017-003.”]
Source: https://securityaffairs.co/wordpress/55829/iot/netgear-routers-flaw.html