
Re: RBR50 High Risk Vulnerability

brise
Aspirant

RBR50 High Risk Vulnerability

Netgear Armor (free trial) has completed a vulnerability assessment on my network and has identified a High Risk vulnerability on the RBR50 router itself. The description is "Basic auth found". Can someone explain that to me and what I should do to fix this?  Basic auth on what? - orbilogin.com??

Thanks.

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 17
Orbi-Roc
Luminary

Re: RBR50 High Risk Vulnerability

Yes, a vulnerability on the router itself. See this link:

 

Netgear products vulnerable to authentication bypass flaws

 

I think this is what the scan result you got means. I thought for sure that this had long ago been addressed. Now I understand why Netgear is in no real hurry to roll-out the vulnerability assessment scan functionality! Is this all the scan report says - are there any dates shown or any kind of explanation ...

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 2 of 17
Orbi-Roc
Luminary

Re: RBR50 High Risk Vulnerability

Hi again @brise . I was right, this vulnerability was addressed. See this link:

 

https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associa...

 

 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 3 of 17
brise
Aspirant

Re: RBR50 High Risk Vulnerability

Thanks for the response. I looked at the links you provided and I don't see that the RBR50 was involved. In any case:

1 - I had already set the password recovery option (as recommended) on the router.

2 - It turns out that the Armor vulnerability alert showing is on each of the 2 RBS50 *satellites* (not the router). The date shown is yesterday - May 12. No other information is shown on the alert.

3 - I am able to log in to the router and satellites individually using my admin user/pwd. I didn't expect to be able to log into a satellite - but there are no configuration options there anyway.

 

Is this alert something I need to worry about? I guess the satellite access login is available only if already on my network.

Message 4 of 17
Orbi-Roc
Luminary

Re: RBR50 High Risk Vulnerability

Hi again @brise . I know the Orbi routers weren't part of this Netgear Security Alert. I was merely trying to point out that the issue reported in your vulnerability assessment scan is a known issue to Netgear with other routers; and since their own Netgear Armor reported it in the context of a vulnerability scan, then I assume that the Orbi routers also suffer from the same security flaw. I am no expert at this @brise , far from it. I basically have the same Orbi set up you have and it makes me nervous that vulnerability assessment scans are not being performed on a regular basis; even more so after reading your post. 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 5 of 17
Orbi-Roc
Luminary

Re: RBR50 High Risk Vulnerability


@brise wrote:

"2 - It turns out that the Armor vulnerability alert showing is on each of the 2 RBS50 *satellites* (not the router). The date shown is yesterday - May 12. No other information is shown on the alert."

 

I am puzzled with this. I didn't think that an Orbi satellite could be compromised in any way but only the router per se. I sure wish that a Moderator will chime in to enlighten us. My suggestion would be to contact Support. I've dealt with them before and got a response well within 24 hours. Good luck!


 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 6 of 17
schumaku
Guru

Re: RBR50 High Risk Vulnerability


@brise wrote:

The description is "Basic auth found". Can someone explain that to me and what I should do to fix this?  Basic auth on what? - orbilogin.com??


The description alone as provided is not sufficient - there must be more.

 

Basic Auth is a standard way used to challenge usernames and passwords in a Web browser, on http or https sessions, here is what the Web browser shows:

 

[Image: Basic auth prompt.PNG]

Especially if this code does pop up in a http page, it's typically considered a major risk - because the content (realm, username, password) is going over the network without reasonable encryption.


Well this is what happens when so-called security systems are thrown on the wide public - completely unrelated "it's this" are coming back.

Message 7 of 17
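What the Basic auth description in the post above means on the wire, as an added example that is not part of the original thread: it parses a `WWW-Authenticate` challenge, classifies the endpoint by URL scheme, and shows that the `Authorization: Basic` value decodes without any key. The URL, realm, credentials and the classification labels are constructed or hypothetical; how Armor actually derives its "Basic auth found" finding is not stated in the thread.

```python
import base64
import re
from urllib.parse import urlsplit

# A challenge starts with a scheme token followed by a space and "param=".
CHALLENGE = re.compile(r'(?:^|,\s*)([A-Za-z][\w-]*)\s+(?=[\w-]+=)')
PARAM = re.compile(r'([\w-]+)=(?:"([^"]*)"|([^\s,]+))')

def parse_challenges(www_authenticate):
    """Split a WWW-Authenticate value into {scheme: {param: value}}.
    Simplified: assumes every challenge carries at least one param (Basic
    always has realm) and that quoted values contain no ', Scheme x=' text."""
    starts = list(CHALLENGE.finditer(www_authenticate))
    found = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(www_authenticate)
        params = PARAM.findall(www_authenticate[m.end():end])
        found[m.group(1).lower()] = {k.lower(): q or u for k, q, u in params}
    return found

def decode_basic(authorization):
    """Recover (user, password) from an Authorization: Basic header value.
    Base64 is an encoding, not encryption: no key is needed."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def assess(url, www_authenticate):
    """Hypothetical classification of a 401 response from an admin page."""
    if "basic" not in parse_challenges(www_authenticate):
        return "no-basic-auth"
    if urlsplit(url).scheme == "http":
        return "basic-over-http"   # credentials readable by anyone on the path
    return "basic-over-tls"        # protected only as well as the TLS session

# Constructed sample data (not taken from a real device).
SAMPLE_URL = "http://192.168.1.1/"
SAMPLE_CHALLENGE = 'Basic realm="NETGEAR Orbi"'
SAMPLE_AUTHORIZATION = "Basic YWRtaW46cGFzc3dvcmQ="  # encodes admin:password

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_CHALLENGE))
    print(decode_basic(SAMPLE_AUTHORIZATION))
```
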
Eg2020
Tutor

Re: RBR50 High Risk Vulnerability

I'm getting the same vulnerability message for the RBR50 router. I also get one for my Ecobee thermostat. Unfortunately there is no other detail provided in the report.

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 8 of 17
schumaku
Guru

Re: RBR50 High Risk Vulnerability

As I wrote above:

 

"Basic Auth is a standard way used to challenge usernames and passwords in a Web browser, on http or https sessions, ... if this code does pop up in a http page, it's typically considered a major risk - because the content (realm, username, password) is going over the network without reasonable encryption."

 

Except for the "special case" where the device is the first in the data path (e.g. a wireless extender with mywifiext.net , or a router with myrouterlogin.net , or an Orbi router with orbilogin.net where the device can capture the DNS request and return the LAN IP), there is hardly a way to have "clean" https certificate installations on a LAN - without local DNS, without your own domain, ... so it's disputable what is the better choice - non-protected credentials on what should be considered a secure LAN, or even more nasty browser complaints about invalid certificate, .... 

Message 9 of 17
Eg2020
Tutor

Re: RBR50 High Risk Vulnerability

I get all that. The issue is why is the Netgear Armor that comes with the Orbi router declaring the router itself to be a security risk. If you just go to the url of the router then indeed the basic auth window pops up, so is that it?  

Message 10 of 17
MadOverlord
Initiate

Re: RBR50 High Risk Vulnerability

I'm getting this on my new RBR40. There does not seem to be a way to force the router web config to only work through https, and if you do a https connection it works but you get an insecure connection warning (probably there isn't a certificate).

 

Kind of embarrassing that the first warning you get with BitDefender is about the router itself.

 

Realistically, since you can only connect to the router from inside the network, the only devices that could snoop the unencrypted http traffic are those already connected to your network.

Message 11 of 17
Orbi-Roc
Luminary

Re: RBR50 High Risk Vulnerability

Hi @MadOverlord .


@MadOverlord wrote:

"Realistically, since you can only connect to the router from inside the network, the only devices that could snoop the unencrypted http traffic are those already connected to your network."

 

So if your network access password is weak and 'access control' functionality not enabled on your router, you don't think that someone parked in front of your house can access and connect to your network?


 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 12 of 17
MadOverlord
Initiate

Re: RBR50 High Risk Vulnerability

The default assumption is that everyone has your wifi password. But hordes of random black hats are not going to be driving around cracking weak home wifi access passwords and snooping traffic on the off chance they'll be there to catch an AUTH request. It doesn't scale.

 

If a threat actor really wants to pwn you, quite frankly they won't park a truck nearby to snoop your wifi, they'll just wait until you go to work, pick your door lock, and install devices in your physical network that let them exfiltrate anything they want. Being able to snoop the router admin password will just be icing on the cake.

 

Is this something that should be fixed? Yes. https should be the default.

Is this something that 99.999% of the user base should lose sleep over? No.

Should your admin password be different from the wifi password? Well, duh!

 

If you want to be paranoid, then until this vulnerability is rectified, only configure the router using a direct wired ethernet connection (ie: a crossover cable), not over wifi.

 

Message 13 of 17
JasonLF
Aspirant

Re: RBR50 High Risk Vulnerability

Just wondering if you use (Tesla) solar panels. On my network this shows up but it is the little wireless adapter that connects the panel inverters to report electric generation. I plan to contact them this week but I doubt I will get a response.
Message 14 of 17
schumaku
Guru

Re: RBR50 High Risk Vulnerability


@MadOverlord wrote:

..., and if you do a https connection it works but you get an insecure connection warning (probably there isn't a certificate).


Use the https://orbilogin.net while you are in your Orbi LAN/WLAN ...

Message 15 of 17
Rocketmanspc
Aspirant

Re: RBR50 High Risk Vulnerability

Getting the same message, see the file I imported. My software is up to date. Is Netgear doing anything to resolve this threat?

 

Message 16 of 17
DexterJB
NETGEAR Moderator

Re: RBR50 High Risk Vulnerability

Hi all, this has been reported to engineering and is being worked on.

 

Dexter

Message 17 of 17