Forum Discussion
brise (Aspirant)
May 13, 2019
RBR50 High Risk Vulnerability
Netgear Armor (free trial) has completed a vulnerability assessment on my network and has identified a High Risk vulnerability on the RBR50 router itself. The description is "Basic auth found". Can someone explain that to me and what I should do to fix this? Basic auth on what? - orbilogin.com??
Thanks.
16 Replies
- Orbi-Roc (Luminary)
Yes, a vulnerability on the router itself. See this link:
Netgear products vulnerable to authentication bypass flaws
I think this is what the scan result you got means. I thought for sure that this had long ago been addressed. Now I understand why Netgear is in no real hurry to roll out the vulnerability assessment scan functionality! Is this all the scan report says - are there any dates shown or any kind of explanation ...
- brise (Aspirant)
Thanks for the response. I looked at the links you provided and I don't see that the RBR50 was involved. In any case:
1 - I had already set the password recovery option (as recommended) on the router.
2 - It turns out that the Armor vulnerability alert showing is on each of the 2 RBS50 *satellites* (not the router). The date shown is yesterday - May 12. No other information is shown on the alert.
3 - I am able to log in to the router and satellites individually using my admin user/pwd. I didn't expect to be able to log into a satellite - but there are no configuration options there anyway.
Is this alert something I need to worry about? I guess the satellite access login is available only if already on my network.
- Orbi-Roc (Luminary)
Hi again brise. I know the Orbi routers weren't part of this Netgear Security Alert. I was merely trying to point out that the issue reported in your vulnerability assessment scan is a known issue to Netgear with other routers; and since their own Netgear Armor reported it in the context of a vulnerability scan, then I assume that the Orbi routers also suffer from the same security flaw. I am no expert at this brise, far from it. I basically have the same Orbi set up you have and it makes me nervous that vulnerability assessment scans are not being performed on a regular basis; even more so after reading your post.
- schumaku (Guru - Experienced User)
brise wrote:
The description is "Basic auth found". Can someone explain that to me and what I should do to fix this? Basic auth on what? - orbilogin.com??
The description alone as provided is not sufficient - there must be more.
Basic Auth is a standard way used to challenge usernames and passwords in a Web browser, on http or https sessions, here is what the Web browser shows:
Especially if this code does pop up on an http page, it's typically considered a major risk - because the content (realm, username, password) is going over the network without reasonable encryption.
Well this is what happens when so-called security systems are thrown on the wide public - completely unrelated "it's this" are coming back.
- Eg2020 (Tutor)
I'm getting the same vulnerability message for the RBR50 router. I also get one for my Ecobee thermostat. Unfortunately there is no other detail provided in the report.
- schumaku (Guru - Experienced User)
As I wrote above:
"Basic Auth is a standard way used to challenge usernames and passwords in a Web browser, on http or https sessions, ... if this code does pop up on an http page, it's typically considered a major risk - because the content (realm, username, password) is going over the network without reasonable encryption."
Except for the "special case" where the device is the first in the data path (e.g. a wireless extender with mywifiext.net, a router with myrouterlogin.net, or an Orbi router with orbilogin.net, where the device can capture the DNS request and return the LAN IP), there is hardly a way to have "clean" https certificate installations on a LAN - without local DNS, without your own domain, ... so it's disputable what is the better choice - non-protected credentials on what should be considered a secure LAN, or even more nasty browser complaints about invalid certificates, ....
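To make the point in the two posts above concrete, here is an added example (not code from the thread, from NETGEAR, or from Netgear Armor) showing both sides of a "Basic auth found" finding: what a scanner sees when it probes an admin page and gets a 401 with a Basic challenge, and what anyone sniffing the LAN recovers once a browser answers that challenge over plain http. The captured request and 401 response, the host 192.168.1.250, the realm string and the credentials admin/hunter2 are all constructed for the example; the risk rating simply mirrors the reasoning in the thread (high on http, informational on https), not Armor's actual scoring.

```python
import base64
import binascii
from typing import Optional

# Constructed sample of what a packet capture on the LAN shows once a browser
# has answered a Basic Auth challenge on a plain-http admin page. The host,
# path and credentials (admin / hunter2) are made up for this example.
CAPTURED_REQUEST = (
    "GET /index.htm HTTP/1.1\r\n"
    "Host: 192.168.1.250\r\n"
    "Authorization: Basic YWRtaW46aHVudGVyMg==\r\n"
    "\r\n"
)

# Constructed sample of the challenge a scanner sees when it requests the same
# page without credentials; the realm string is made up.
CAPTURED_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="admin"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)


def _headers(raw: str) -> dict:
    """Split an HTTP message into a lowercase-keyed header dict (body ignored)."""
    head = raw.split("\r\n\r\n", 1)[0]
    out = {}
    for line in head.split("\r\n")[1:]:      # skip request/status line
        if ":" in line:
            key, value = line.split(":", 1)
            out[key.strip().lower()] = value.strip()
    return out


def extract_basic_credentials(raw_request: str) -> Optional[tuple]:
    """Recover (user, password) from a Basic Authorization header.

    Base64 is an encoding, not encryption: anyone who can read the bytes on
    the wire reverses it instantly. Returns None when no well-formed Basic
    header is present.
    """
    auth = _headers(raw_request).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")   # RFC 7617: first colon splits
    if not sep:
        return None
    return user, password


def classify_basic_auth_challenge(raw_response: str, scheme: str) -> dict:
    """Produce a 'Basic auth found' style finding from a 401 challenge.

    Rating follows the thread's reasoning: credentials answered to a challenge
    on plain http cross the LAN readable (High); under https TLS protects them
    and the finding is only informational (Info).
    """
    status = raw_response.split("\r\n", 1)[0]
    www = _headers(raw_response).get("www-authenticate", "")
    if not status.startswith("HTTP/1.1 401") or not www.lower().startswith("basic"):
        return {"finding": None}
    realm = ""
    if 'realm="' in www:
        realm = www.split('realm="', 1)[1].split('"', 1)[0]
    risk = "High" if scheme.lower() == "http" else "Info"
    return {"finding": "Basic auth found", "realm": realm,
            "scheme": scheme, "risk": risk}


if __name__ == "__main__":
    print(extract_basic_credentials(CAPTURED_REQUEST))
    print(classify_basic_auth_challenge(CAPTURED_CHALLENGE, "http"))
    print(classify_basic_auth_challenge(CAPTURED_CHALLENGE, "https"))
```

Run it as a script to see the recovered user/password pair and the two ratings. The takeaway for the thread: the scanner is not reporting that the login is broken, only that the admin page challenges for credentials with a scheme that offers no protection of its own, so the transport (http vs https) decides how serious it is.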
- JasonLF (Aspirant)
Just wondering if you use (Tesla) solar panels. On my network this shows up but it is the little wireless adapter that connects the panel inverters to report electric generation. I plan to contact them this week but I doubt I will get a response.
- DexterJB (NETGEAR Moderator)
Hi all, this has been reported to engineering and is being worked on.
Dexter
- Rocketmanspc (Aspirant)