NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

brise's avatar
brise
Aspirant
May 13, 2019

RBR50 High Risk Vulnerability

Netgear Armor (free trial) has completed a vulnerability assessment on my network and has identified a High Risk vulnerability on the RBR50 router itself. The description is "Basic auth found". Can s...
Orbi-Roc's avatar
Orbi-Roc
Luminary
May 13, 2019

Yes, a vulvenrability on the router itself. See his link:

 

Netgear products vulnerable to authentication bhpass flaws

 

I think this is what the scan result you got means. I thought for sure that this had long ago been addressed. Now I understand why Netgear is in no real hurry to roll-out the vulnerability assessment scan functionality! Is this all the scan report says - are there any dates shown or any kind of explanation ...

  • brise's avatar
    brise
    Aspirant
    May 13, 2019

    Thanks for the response. I looked at the links you provided and I don't see that the RBR50 was involved. In any case:

    1 - I had already set the password recovery option (as recommended) on the router.

    2 - It turns out that the Armor vulnerability alert showing is on each of the 2 RBS50 *satellites* (not the router). The date shown is yesterday - May 12. No other information is shown on the alert.

    3 - I am able to log in to the router and satellites individually using my admin user/pwd. I didn't expect to be able to log into a satellite - but there are no configuration options there anyway.

     

    Is this alert something I need to worry about? I guess the satellite access login is available only if already on my network.

    • Orbi-Roc's avatar
      Orbi-Roc
      Luminary
      May 13, 2019

      Hi again brise . I know the Orbi routers weren't part of this Netgear Security Alert. I was merely trying to point out that the issue reported in your vulnerability assessment scan is a known issue to Netgear with other routers; and since their own Netgear Armor reported it in the context of a vulnerability scan, then I assume that the Orbi routes also suffer from the same security flaw. I am no expert at this brise , far from it. I basically have the same Orbi set up you have and it makes me nervous that vulneraribility assessment scans are not being performed on a regular basis; even more so after reading your post. 

    • Orbi-Roc's avatar
      Orbi-Roc
      Luminary
      May 14, 2019
      brise wrote:

      "2 - It turns out that the Armor vulnerability alert showing is on each of the 2 RBS50 *satellites* (not the router). The date shown is yesterday - May 12. No other information is shown on the alert."

       

      I am puzzled with this. I didn't think that an Orbi satellite could be compromised in any way but only the router per se. I sure wish that a Moderator will chime to enlight us. My suggestion would be to contact Support. I've dealt with them before and got a response well within 24 hours. Good luck!