wolfereeno (Apprentice)
Jul 26, 2023
Orbi RBR 50 hacked - Netgear, what are you doing to protect us?
I got a suspicious email on gmail 2 weeks ago - one of those "what's up" with no message body. I don't think I even opened it, but something triggered in the msg preview and seemed to run something. I was using my Macbook and viewing gmail in Chrome. The one shortcoming on my part was that there was a Chrome update pending. Otherwise I had everything up to date including my MacOS, windows machines, orbis and the satellites.
Shortly after I started getting warnings that websites weren't using HTTPS on the mac and two other of the computers on my network. Then realized I could not log into the Admin screen on my Orbi. I even got msgs about invalid certs to attach to my work email on my iphone, which uses wifi when I'm home.
After a quick panic and searching around I determined it was the Router, so I did a hard reset and rebuilt everything and all is well. I don't think I exposed anything critical. I use a good password mgr and realized something happened right away.
My network is an RBR50 and 3 satellites running RBRS50. I also subscribe to Armor and have Bitdefender on the machine that seemed to start it all.
I noticed two days later Microsoft and Apple had emergency patches. Chrome too. Netgear, nothing.... I can't provide any details of what exactly happened, but I assume I'm not alone. Netgear, we expect more protection from you!!!
Thx, between coverage issues upstairs, and needing ethernet jacks for the NAS in the mezzanine area, I ended up with 3 satellites. One thing I didn't realize is that the 5G signals probably have a harder time penetrating the metal walls around the BR and that 2.4 would have been better.
Anyway I appreciate your help. But it's kind of for naught.
Yesterday the internet in our neighborhood went out and when it came back on, the RBR50 would not reboot. Steady green light but nothing would reset it. I tried all the methods I could find. Even tftp would connect and seem to upload the file but then would fail.
So I went down to B&H photo and walked out with an ASUS XT9. Setup was a breeze. I'm trying just two units at opposite ends of the apartment. We'll see if my wife notices I moved the NAS to the bedroom! She wouldn't like it much in the living room either. Setup and performance seem good so far and hopefully I can stick with just the two units. I like that both units can be routers or satellites, which gives me options in case one fails or we move.
As for whether I was hacked a few weeks ago or the router was the initial stages of the router failing, who knows. I still think it acted like a hack.
The clincher to ditching netgear was seeing how many people report bricked RBR50s as well as how many have resorted to alternate firmware. I just don't have time for all that. So in the end if I can revive the RBR, great. Otherwise I'll just put the satellites on craigslist and be done with Netgear for a while.
Thx
11 Replies
- FURRYe38 (Guru - Experienced User)
Highly doubtful the Orbi system was hacked.
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected to?
Be sure you're using a good quality LAN cable between the modem and router. CAT6 is recommended.
What is the size of your home? Sq Ft?
What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR📡 and RBS🛰️ to begin with depending upon building materials when wirelessly connected.
Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch with a wired PC and web browser. https://kb.netgear.com/22697/How-do-I-install-my-NETGEAR-router-using-the-router-web-interface
Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.
https://kb.netgear.com/24089/How-do-I-specify-the-pool-of-IP-addresses-assigned-by-my-Nighthawk-router
I would power OFF the ISP modem for 1 minute. Factory reset the Orbi router and power it off. Power ON the ISP modem and let it sync. Then power ON the Orbi router and walk thru the setup wizard again using a wired PC and a web browser.
Press the back reset button for 15 seconds then release.
https://kb.netgear.com/31486/How-do-I-reset-my-Orbi-system-to-factory-default-settings
https://kb.netgear.com/000062081/How-do-I-erase-the-configuration-settings-on-my-Orbi-WiFi-System
- wolfereeno (Apprentice)
I can't say for certain what happened, however something was redirecting https traffic to http and if it wasn't for it being common for websites to warn you of this now, I would not have noticed this. And this was happening from other computers on my network (mac and win) including one from work that's highly locked down. Also, the fact that I could no longer log into the orbi admin screens or use the ios app are pretty strong indications of the router being hacked.
I check for updates fairly frequently in either the IOS app or the web admin screen but haven't seen any in a while. These are the versions post this incident. I don't recall if I forced an update or not when I did the hard reset. But I do use the Orbi app to check for updates often and always have. Maybe the update function itself is not that reliable? Just looking at my status screen now, why is one of the satellites running an older version yet orbi sees no update?
The isp is spectrum and I use their modem. DHCP is using that router range already. The cable connecting the modem and the RBR50 is 2' long and probably fine. Never had a problem like this before over several years.
The distance between sats and size of my home shouldn't make a difference. My apartment is about 1100ft2 but is kind of a duplex. Also there's an outdoor area but wall of the structure on the roof is clad in a metal siding, so there's a satellite just to provide more coverage there. I started with one base and one satellite but then added the satellites to solve dead spots I couldn't resolve by just moving the sats around.
Thx
- FURRYe38 (Guru - Experienced User)
Because you can't seem to log in or use the orbi app is not an indicator of the system being hacked. You might scan all of your PCs with MalwareBytes to be sure nothing on your system is compromised.
Ya Auto Update has been problematic over the years.
Also distances between the RBR and RBS can play a role in how AU works.
Sat#2 should be updated to same version as rest of system. You can manually update this RBS.
For that size of home you have too many RBS running. I'd turn OFF two RBS. At least one RBS.
Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch with a wired PC and web browser. https://kb.netgear.com/22697/How-do-I-install-my-NETGEAR-router-using-the-router-web-interface
Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.
https://kb.netgear.com/24089/How-do-I-specify-the-pool-of-IP-addresses-assigned-by-my-Nighthawk-router
I would power OFF the ISP modem for 1 minute. Factory reset the Orbi router and power it off. Power ON the ISP modem and let it sync. Then power ON the Orbi router and walk thru the setup wizard again using a wired PC and a web browser.
Press the back reset button for 15 seconds then release.
https://kb.netgear.com/31486/How-do-I-reset-my-Orbi-system-to-factory-default-settings
https://kb.netgear.com/000062081/How-do-I-erase-the-configuration-settings-on-my-Orbi-WiFi-System
https://kb.netgear.com/9665/How-do-I-perform-a-factory-reset-on-my-NETGEAR-router
One User Experience/Configuration:
https://community.netgear.com/t5/Orbi/Most-Stable-Orbi-Configuration/m-p/1941087/highlight/true#M97026