NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

apsmiles's avatar
apsmiles
Aspirant
Jun 29, 2025

Security Flaw - Orbi App - LogOut All

Hi

   I felt that someone has cracked my orbi App ie Netgear portal username and password. 

 

As a security measure I have now enabled 2 FA. This should protect me from all future threats but what about past ones. I have changed the password too. But the person who was already signed in will remained signed in as there is no option in Orbi App or Netgear account to "sign out from all instances".

 

May be I am missing something. Can someone help?

Regards

6 Replies

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User

    If the router is rebooted, that should break the connection to instances of the Orbi app and force those applications to log in again.

     

    This should be relatively easy to confirm. 

    • Open the Orbi app on some device.
    • Reboot the router.
    • Observe the Orbi app.

    Question: is Anywhere Access enabled?

    • apsmiles's avatar
      apsmiles
      Aspirant

      Hi,

        Tried rebooting, but it did not fix the problem.

       

      Yes anywhere access was on. When I connected locally it allowed me to log out from my App - But not all other instances.

       

      I use gmail, they have this feature - signout from all logged in locations; particularly when you change the password.

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User

        Thanks for investigating this.  Requesting a new feature in the Orbi app appears to be appropriate, although how Netgear will prioritize developing such a feature is anyone's guess.  One could argue that 2FA and the need for local access reduce the chances of this happening to such a low level that the benefit may not be worth the cost.

         

        • A device must be connected to the local network to access the router the first time.  Having learned the account email/password is of no value without the ability to connect locally.
        • Once connected locally, the Anywhere Access feature could be enabled to allow access remotely using that device.  (This is a per device activation.  Some devices can be enabled and others not enabled.)

         

        The battle between parents and children over internet use is a feature of modern life.  If someone gets physical access to your phone and can open apps, the "game is lost".

  • michaelkenward's avatar
    michaelkenward
    Guru - Experienced User
    apsmiles wrote:

    I felt that someone has cracked my orbi App ie Netgear portal username and password.

    What makes you think that?

     

    apsmiles wrote:

    I have changed the password too.

    Change the wifi password, not the router password, and past connections won't work.

    • apsmiles's avatar
      apsmiles
      Aspirant

      What makes you think that?

            It is my son :J I block their devices at night so that they are not distracted by them. To revenge this he has managed to change the password using my phone (email and app). But this lead me to think, that if someone else has seen my password, say from the data leaks that keep happening, then I can not force them to log out even if I change my password and enable 2FA.

       

       

      Change the wifi password, not the router password, and past connections won't work.

            I will try this and update.

       

       

      • apsmiles's avatar
        apsmiles
        Aspirant

        UPDATE: 

        Sorry I misread the second suggestion. Of course that has been an option to change the wifi password and monitor who is joining. 

        And Yes, updating router password doesn't change anything.

         

        But I raised this ticket to reach out to Orbi App developers to create this most common sensical functionality. For example, what pained in my case is - Despite changing the password for the App, the old logged in users (with old password) are still able to enjoy the app. This is a design flaw when someone was creating the design of this App.