alokeprasad
Dec 12, 2020 (Mentor)
Security fixes in various firmware versions
I am going through Netgear's security bulletins on
https://www.netgear.com/about/security/
1st observation: A boatload of fixes were announced on 9/17/2020. The RBK7XX and RBK8XX are a hot mess! Many issues fixed for those systems.
2nd observation: For RBK50, a zero day vulnerability (ZDI ID: ZDI-CAN-11076) was fixed in ver 2.6.1.40. Per
https://www.zerodayinitiative.com/advisories/published/
this is rated at 8.8/10. So, very severe.
I couldn't get any other info on this vulnerability. But, as this is a known zero-day exploit, I'll try to update my system to 2.6.1.40.
Any advice for me? Any gotchas w/ this version?
Thx.
Aloke
PS: the release notes for 2.6.1.40 "helpfully" say: Fixes security issues :smileyfrustrated:
Thanks for providing the URL. I have (long) wondered why Netgear provided no link to what these "security fixes" are in product release notes. No idea what the "search box" accomplishes.
- Ha_Ku_Na (Luminary)
Are you using your Orbi in router or AP mode?
I've also seen the ZDI and I'm still on 2.5.1.16 because all newer FW are close to unusable for me. Therefore all these questions seem to be important for newer firmwares:
- Are you using the Orbi system in Router or AP mode?
- Are you using "Access Control"?
- Are you using "Port Forwarding"?
- Are you using "Dynamic DNS"?
- Have you configured "VPN Service"?
- Are you using "LAN Address reservation" (bind MAC to a fixed IP address)?
- Have you done a factory reset after the upgrade?
I use it in router mode and I'm using all the features above. But I don't want to do a factory reset. Or can I just import the saved configuration afterwards?
There are some user experiences with 2.6.1.40 but it looks like all these are using their Orbi only in AP mode.