Last week Netgear rolled out a firmware update only for its wireless router model NightHawk R7000, but experts discovered it included a remote data collection feature that collects router’s analytics data and sends it to the vendor.

Experts believe Netgear will release firmware updated with this feature also for other router models in upcoming days.

The last firmware issued by the company include a remote data collection feature that gathers the following information from the devices:

• Total number of devices connected to the router
• IP address
• MAC addresses
• Serial number
• Router’s running status
• Types of connections
• LAN/WAN status
• Wi-Fi bands and channels
• Technical details about the use and functioning of the router and the WiFi network.

Netgear downplayed the issue declaring that the procedure in the new firmware is a routine diagnostic data.

“Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers.” reads the advisory published by NetGear.”Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

Of course, customers are concerned about this data collection, especially about IP address and MAC address being collected by the firm.

Users can disable this feature following the instructions published by Netgear:

1. Launch a web browser from a computer or mobile device that is connected to the network.
2. Enter http://www.routerlogin.net.
   A login window opens.
3. Enter the router user name and password.
   The user name is admin. The default password is password. The user name and password are case-sensitive.
   The BASIC Home page displays.
4. Select ADVANCED > Administration > Router Update.
   The Router Update page displays.
5. Scroll down to the Router Analytics Data Collection section.
6. To enable router analytics data collections, select the Enable radio button.
7. To disable router analytics data collections, select the Disable radio button.
8. To view the type of data that might be collected, click the router analytics data link.
9. Click the Apply button.
   Your settings are saved.

Some experts are questioning how router data is stored by the company.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Netgear R7000 and R6400 routers, hacking)

[adrotate banner=”13″]