NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Rkmbch's avatar
Rkmbch
Aspirant
Dec 29, 2021

Auto update feature disable

I have invested 1400 Euros in this system but what Netgear does to disable you from stopping auto updates is just criminal, first it's gone from the UI, then telnet was removed and now it's impossible to block these updates the latest 2.7.3.22 breaks my three sattelite and router setups, drops connections and picks the furthest sattelite to be first in the mesh 2.7.2.104 works great my question so why...you wanna sell upgrades????? Ugh am so mad right now .. anyone has advice, I read the threads they don't help...

5 Replies

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Dec 30, 2021

    There are three known methods to block updates. Each has costs and benefits.

     

    Change the version number. Firmware update is based on comparing the value of a text file in the Orbi filesystem with a value on the update web site.  If the web site has a "higher number", then the firmware is updated.  If the text file has a higher number, then the firmware is not updated.  (This is how Voxel prevents Netgear from attempting to replace his third party firmware.)  There are several steps in this process and the "downside" is that the contents of the text file will be replaced from read only memory if the router is rebooted, such as after a power failure.  The steps are:

     

    • Download the previous firmware file that you want, such as 2.7.2.104 and extract the *.img file.
    • Disconnect the router from the internet (thus preventing it from checking for updates).
    • Manually install that firmware on the router.
    • Enable telnet on the debug page: http://orbilogin.net/debug.htm
    • Use a telnet program to connect to the orbi router (Windows telnete built-in. I prefer the freeware program PuTTY).
    • type this command:  echo V9.7.2.104 >firmware_version
    • Type this command: cat firmware_version
      You should see V9.7.2.104
    • Type exit to close the telnet session.
    • Reconnect the Orbi to the internet.
    • Be sure and keep these instructions and the *.img file handy in case the router reboots for any reason.

    Dollar cost: zero.  Time cost: varies by person: Downside: not permanent.

     

    Place another router ahead of the Orbi and use it to block updates. If the Orbi cannot reach the update site, it cannot update.  Many customers have the previous WiFi router sitting in a closet and can dust it off, connect it to the modem, and connect the Orbi router to it.  Others desperate for relief would have to purchase an inexpensive router.  Use a "block sites" function on that router to deny access to https://http.fw.updates1.netgear.com.  (Yes, there is an 'http' in the URL).

     

    This method brings up the issue of "Double NAT" which may need to be dealt with (or not, if the customer is not adversely affected by Double NAT.)  It is obviously more complicated to live with (keeping up with two routers. Finding physical space. etc.)  It works, and should not be affeced by power outages.

     

    Use OpenDNS to block updates. One Orbi owner discovered that a free account at OpenDNS.com can be used to block updates and described it in this post:

    https://community.netgear.com/t5/Orbi/Disabling-Auto-Update-Force-Update-firmware-version-2-7-3-22-for/m-p/2158729/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufEtWSlZNRTg5RjA5STFHfDIxNTg3Mjl8U1VCU0NSSVBUSU9OU3xoSw#M128368 

    (See message #10)

     

    When customers install and configure the router, there is a check box where we agree that Netgear may update the firmware without warning.  So, in a sense taking any of these steps would put the customer in breach of contract.  I did not see a check box saying the Netgear guarantees not to break the router by updating it, but I imagine a counter argument could be "You made me do it."

     

    • Mikey94025's avatar
      Mikey94025
      Hero
      Dec 30, 2021
      CrimpOn wrote:

      There are three known methods to block updates. Each has costs and benefits.

      Nice summary!  I would suggest listing the OpenDNS option first since it seems the most attractive - It is free, works with all Orbis (even those without telnet), and has well-defined steps that do not vary by hardware (like adding another router).

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User
        Dec 30, 2021
        Good suggestion.

        This firmware update situation is really frustrating. The #1 security practice is to keep software updated, so customers are forced to choose between a stable network or security. And these issues do not affect every customer. (My Orbi has never done any of the crazy things I see people post about.) If every Orbi failed the same way, the problem would get priority.
    • Rkmbch's avatar
      Rkmbch
      Aspirant
      Dec 30, 2021
      Wow Crimpon,
      Thank you for your long reply I read through all of it and the telnet did not work for me before for a moment and then somewhow it grabs the update. I have done the DNS service, that worked as a charm the router and satelites report now service unreachable. Am now in the process of downgrading the satelites one by one the router is already on 104...I always have a Intel NUC on at home am running the DNS IP update there since my IP is dynamic although that is the only downside to the method this is the cleanest...thank you so much now I love Orbi again...
      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User
        Dec 30, 2021

        Glad your system is stable.

         

        There were other telnet hacks to prevent updates by setting some variables. I found changing firmware_version to be solid as long as the router does not reboot.