NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Netgear Support
This post is purely informational, mostly a venting session because I just got another silly request from Netgear support. Thus: no help or reply is needed here. Comment at your leisure.
If you happen to feel you need technical support in your new expensive Orbi product, and you email Netgear support within your free 90 day window - check to see if Sheena is reponding to your request. What everscript being used is hilarious to read - but do not expect it to be in any way helpful. And, you can expect to read that script every reply you get from this tech for months as you 90 days rapidly expires with the 4 to 6 day repsonse time between the replies to your questions.
Have this ready: The latest firmware. The firmware before the latest (no clue where to get this, but they ask you to flash it). The firmware before the last to latest (again, no clue where to find it). Have several toothpicks handly, you'll wear them out reseting the device between reflashes. And be prepared to call your ISP to ask why their config scripts aren't designed solely for your Netgear product because of routine script issues like "TLV-11 - unrecognized OID" when the ISP sends a new config down the pipe to their customers.
If fact - all four of my support tickets dating from February are unresolved - any that are closed is because I stopped reposnding once I returned the CBK752 kit. I still own the CBK40 kit, and continue to use it. At least it understand DNS and doesn't barf on every 10th DNS request. The CBK40 kit is susceptable to certain buffer overrun errors - Netgear knows about this vulnerability yet hasn't patched this 'ancient' product line. Hey - I understand, it's over 90 days old, so no longer thir problem. The saving grace is the internal cable modem may limit the severity by retarding the attack vector to the internal router buffers. But it is easy to break the router from the LAN side with simple overruns. But I digress.
One positive note - for the time being - at least Netgear is not requiring smart phone app based router management. Though, the fact you can't turn off said app based management is in itself a serious security risk.
4 Replies
great post....i need to run out and get more toothpicks.....in reality I've never called NG support or should I say the few times I may have I couldn't understand them.
One of the reason I try my best to keep my system as close to plug and play as possible.
GWild wrote:One positive note - for the time being - at least Netgear is not requiring smart phone app based router management. Though, the fact you can't turn off said app based management is in itself a serious security risk.
My impression has been that installing the Orbi "app" is entirely optional. Don't install the app and (because it's not installed) do not connect it to the Orbi. If it was installed, then delete the app, change the Orbi management password and change the Netgear login password. What am I missing?
I have long suspected "memory leaks" might be responsible for some of the Orbi quirks. Can you point to a discussion that explains buffer overruns?
Thanks
Go here ...
https://www.netgear.com/about/security/
CrimpOn wrote:
I have long suspected "memory leaks" might be responsible for some of the Orbi quirks. Can you point to a discussion that explains buffer overruns?
CrimpOn wrote:My impression has been that installing the Orbi "app" is entirely optional. Don't install the app and (because it's not installed) do not connect it to the Orbi. If it was installed, then delete the app, change the Orbi management password and change the Netgear login password. What am I missing?
True - and that is a good thing. Some companies are going down the path you must use a phone app to set up the router and leaving out all web based management.
A side bar is the Netgear CBK40 and CBR752 products can be controlled remotely - that is - you can affect settings without a wire physically connected to the device. While I have not hammered on this method, it is well known and well documented that management of any device via airways (like Bluetooth or WiFi) is a huge security hole. The response I got from Netgear? "Do you believe username and password isn't enough?" When I asked how I could change the username to something other than the default admin all I got was silence: so there went 50% of that security feature. And under Remote Management options on the CBR40 kit (not available on the CBR752 kit) all you can do is disable the WAN side of things; with no control over WiFi access to the settings: anyone who can hack into your WiFi network is probably smart enough to exploit the many known Negear router vulnerabilities/hacks out there to log in as admin.
Why is security a such a concern to me? I lived next to a guy who spent his days hacking into wifi networks in the neighborhood - caught him banging my WiFi password for over a year - no clue if he ever got inside - there were known WPA2-AES hacks so he probably should have been able to. He even tried setting up a honeypot with the same SSID, lol. And we all can see the many remote port scanners working if you just look at your router logs. One of them successfully got into my CBK752 within hours of allowing a single port through to a Linux based security cam server (tracked it down to a Russian group in Moldovia operating through a VPN server in Georgia, US).
As they say - I try to be a good citizen and keep my doors locked if only to keep my neighbors honest. A friend who didn't, he is a pragmatist and left his doors unlocked so that thieves wouldn't break a window to get in, found out that theives don't even bother checking the lock - they just break the window. Again, digression.
So maybe I am just wasting time and effort worrying about security.
