Security Vulnerability in Arlo Wire-Free WiFi Default Password

NETGEAR is aware of an Arlo WiFi default password vulnerability that can allow hackers to log into the Arlo base station and capture traffic and images by generating an easily recognised code. The following situations can lead to vulnerability:

When a user does a factory reset, the base station generates a pass that is immediately identifiable.

When a user uses any of the Arlo user interfaces, the internet, or the mobile apps to delete the base station from their account.

Arlo Wire-Free base stations running firmware version 1.7.3 5005 or older are vulnerable. Log in to your Arlo account and go to Settings > About to see what firmware version you have.

By the middle of June, NETGEAR aims to release firmware version 1.7.5_6178, which will provide a secure unique default pass. Arlo Wire-Free base stations that are online will automatically receive firmware updates once the firmware is ready.

After the firmware release, NETGEAR strongly recommends that you complete these steps to address the vulnerability

Ensure that the firmware on your Arlo Wire-Free base station has been updated to version 1.7.5 6178.

Reset the base station to factory settings.

Important: For the security update to take effect, you must complete a factory reset correctly.

Visit https://sites.google.com/view/arlocameraguide/how-to-setup-baby-arlo/easy-5-tips-to-fix-netgear-arlo-log-in-issue_1?authuser=2

If the base station was removed, re-add it to the account.

Visit https://zenithdiaz095.medium.com/how-to-extend-the-range-of-the-arlo-base-station-277523c7ebec to make sure your base station hasn't been deactivated and to add your base station back to your system.

Re-sync the Arlo cameras that were removed from the account.

To resync the cameras, go to https://community.netgear.com/t5/Arlo-Knowledge-Base/How-do-I-set-up-and-sync-my-Arlo-Wire-Free-cameras/ta-p/987/Sync your Cameras with the Base Station.

Note that if the advised procedures are not followed exactly, the Arlo WiFi default password vulnerability will persist, and hackers may be able to enter into the Arlo base station and record traffic and images. NETGEAR is not liable for any repercussions that could have been prevented if the firmware had been updated as instructed in this notification.

As more information becomes available, NETGEAR will update this Knowledge Base article.

You can approach us at security@netgear.com if you have any security concerns.

We value and appreciate it when security problems are brought to our attention. NETGEAR is always on the lookout for known and unexpected threats. At NE, we believe in being proactive rather than reactive when it comes to new security threats.

NETGEAR's objective is to be the most inventive company in the world when it comes to connecting the world to the internet. To accomplish this goal, we work hard to earn and keep the trust of customers who rely on NETGEAR devices for their connectivity.

To read more visit arlo com support