
Netgear Armour has detected a vulnerability with RBK53 Router it is installed on!

porlockweir
Guide


Has anyone else had a similar message? I've checked the settings on the router and can't find an option to correct it. The message suggests that Netgear are aware, but if so why have they allowed a vulnerability to persist on their own hardware?

Firmware version is V2.3.1.60

[Attached image: Orbi.PNG]

Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 1 of 2
schumaku
Guru

Re: Netgear Armour has detected a vulnerability with RBK53 Router it is installed on!


@porlockweir wrote:

The message suggests that Netgear are aware, but if so why have they allowed a vulnerability to persist on their own hardware?


The vulnerability checker in Armor is coming from BitDefender, not from Netgear.

Of course, Netgear does know that their routers continue to allow management using plain text http, which is sufficient for most users even in the year 2019. Last but not least, it comes in very handy, and it leads to far fewer questions about why browsers behave differently and can even show red warnings, e.g. when accessing the router via https locally or remotely by using the IP address, by an own DNS name, by a DDNS name, ...

Bottom line, an https connection secured by a "known" private key (many Netgear devices share the same private key and certificate!) isn't much more secure than a plain text http connection.

Developing things a little bit more, many vulnerability scanners complain the same way if there is just an http redirect to https on the same device.

Message 2 of 2
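The two situations described in the reply above (plain http management versus a bare http-to-https redirect, and one certificate shared by several devices) can be told apart with a small check. This is an added example, not part of the original thread and not Netgear's or Bitdefender's code; the function names, category labels and sample data are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def classify_http_reply(device_host, raw_head):
    """Classify the response head a device returned on port 80 (plain http)."""
    lines = raw_head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if status in REDIRECTS:
        target = urlsplit(headers.get("location", ""))
        if target.scheme == "https" and target.hostname == device_host:
            # The first request still went out in clear text before the redirect.
            return "redirect-to-https-same-device"
        return "redirect-other"
    return "plaintext-management"

def shared_certificates(der_by_device):
    """Return {sha256 fingerprint: [devices]} for certificates seen on 2+ devices.
    An identical certificate implies an identical private key."""
    seen = defaultdict(list)
    for device, der in der_by_device.items():
        seen[hashlib.sha256(der).hexdigest()].append(device)
    return {fp: sorted(devs) for fp, devs in seen.items() if len(devs) > 1}

# Constructed sample input (not captured from real devices). In practice the DER
# bytes would come from ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate(...)).
SAMPLE_REPLIES = {
    "192.168.1.1": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic\r\n\r\n",
    "192.168.1.2": "HTTP/1.1 302 Found\r\nLocation: https://192.168.1.2/\r\n\r\n",
}
SAMPLE_CERTS = {
    "orbi-router": b"constructed-der-bytes-A",
    "orbi-satellite": b"constructed-der-bytes-A",
    "other-device": b"constructed-der-bytes-B",
}

if __name__ == "__main__":
    for host, head in SAMPLE_REPLIES.items():
        print(host, classify_http_reply(host, head))
    print(shared_certificates(SAMPLE_CERTS))
```

Comparing whole-certificate fingerprints only catches devices that ship the same certificate; devices with different certificates built on the same key pair would need a comparison of the public key instead.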