SteveD_DC
Jun 02, 2024 (Guide)
RBK653 Firmware Woes
Firmware not there: RBK653 = RBR750 + 2x RBR350 I purchased the Netgear RBK653 kit (Router + two satellites) a year and a half ago. Two months ago, Netgear released a firmware update for the rout...
FURRYe38
Jun 02, 2024 (Guru - Experienced User)
What are these vulnerabilities that you refer to?
Links please.
Something to check with as well:
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com
For all other issues, visit http://www.netgear.com/about/security/
To report a security vulnerability, visit https://bugcrowd.com/netgear
It's up to NG to deploy fixes for issues they find or brought to them.
Also up to NG to set EoL policy and such. The AC series is EoL as well as some AX series I see:
https://www.netgear.com/about/eos
SteveD_DC
Jun 02, 2024 (Guide)
FURRYe38, the release notes for firmware v7.2.6.31 specifically cite, "This firmware addresses security vulnerabilities," which indicates that it incorporates fixes over and above the prior firmware (v4.6.14.3) -- which makes sense since it's been almost a year and a half since the last update. But Netgear doesn't cite what is fixed; they only provide a link to the all-encompassing page that you also linked to: https://www.netgear.com/about/security.
I've started to wade through the many notices therein, and it is clear that there have been a LOT of programming flaws squashed in the past 18 months. So, I'm not in a position to point to specifics at this point (it's a "target rich environment"). But given that bad actors will reverse engineer an update and quickly develop an exploit shortly after firmware is released (especially for Internet-connected devices), it is very likely that they already know what was fixed (even before we do) and the vulnerability of users like me.
You are correct that, "It's up to NG to deploy fixes for issues they find or brought to them," and they have done so for the RBR750 -- but only for users who aren't also using them with the RBS350 that they bundled them with.
If the RBS350 was definitively listed for EOL, then at least I would know the way things are. But at this point, and since none of the devices released around the same time frame as the RBS350 are already listed, it is possible that the RBS350 is not EOL, but in a "zombie"/neglected state. In other words, users like me are being ignored. I'm not happy about that.
Thank you for techsupport.security@netgear.com. I'll contact them tonight.
- FURRYe38, Jun 02, 2024 (Guru - Experienced User)
Good Luck.
- SteveD_DC, Jun 28, 2024 (Guide)
Just to conclude this discussion. After a lot of back-and-forth with Netgear on support (initiated by contacting techsupport.security@netgear.com as recommended by FURRYe38), it comes down to the fact that Netgear doesn't care. They made it clear that they are no longer supporting the RBS350, and are just selling off the remaining ones before officially listing it as end-of-service. And the satellites I purchased a year and a half ago are never going to get a firmware version that will enable them to work with the current firmware for the router that they were boxed with when I purchased the RBK653 kit.
In other words, I'm s#!+ out of luck. I can either ditch my RBS350s (thereby allowing me to update the RBR750 to a current, security bug-fixed v7.2.6.31), buy a pair of new satellites, or get a completely different mesh routing system (not from Netgear).
I am very disappointed in Netgear and the disregard for the security of its customers that it has shown here. I have been a long-time user, purchased well over a dozen routers and other hardware from them, and recommended Netgear to many people. That ends with this treatment. I will stop recommending Netgear to my students, my associates, and my family. My current Orbi system is my last. And that is sad.
- FURRYe38, Jun 28, 2024 (Guru - Experienced User)
Understand your stance.
Hope you find something that works better for you in the future.