Reply

Netgear's Nighthawk app is pure junk

duckware
Prodigy

Netgear's Nighthawk app is pure junk

I tried Netgear's Nighthawk app for the first time today.  I setup a test router.  I connected to my phone's hotspot to test remote access, and that worked (but I had not turned remote manage on; default on?)

 

Went to a neighbor's house, connected to WiFi -- and all of a sudden the app was locked on wanting the password for the local router.  The app refuses to allow me to manage the router I had already set up -- all because the app had detected a local Netgear (my neighbor's Nighthawk router).

 

Another fatal flaw.  The names (R7800, etc) in the router list can not be customized.  Sure, the app allows you to rename the router, BUT, the app displayed the model number fo the router, not the customized name.  Well, that is not going to work, because I a bunch of all the same model routers.  There is no way to tell them apart until I go deep into the menu to see which name is being managed.

 

Crazy.  Pure junk.

Message 1 of 6
duckware
Prodigy

Re: Netgear's Nighthawk app is pure junk

More problems....

 

(1) SECURITY PROBLEM: Communication between app and router is in plain text.

 

(2) Try to rename router to anything else (with space in the name), all you get is an ERROR: "Please try again later" message.  Apparently because the router does not like 'spaces'.

 

(3) While I was remotely managing a router and changing settings, all the while the app said (in red) that internet was down.  Completely bogus as I was changing settings.

 

(4) I have four other remote Nighthawk routers that I want to manage with the app.  YOU CAN'T DO IT (even with remote web access ON).  App must be on local to the router, connected to local wifi in order to set up a new router (so you need to travel to every router to set it up!)  Very bad design (artificial limitation).  Because the app is using HTTP locally with username/password, and given that remote web access URL with username/password is no different -- this would have been easy.  Instead, Netgear says "no, you can't".

 

(5) The app does NOT use remote web access for remote access.  It is using some other method.  Clearly Netgear is opening something up -- and at this point, I don't trust they did so correctly.

Message 2 of 6
schumaku
Guru

Re: Netgear's Nighthawk app is pure junk


@duckware wrote:

I tried Netgear's Nighthawk app for the first time today.  I setup a test router.  I connected to my phone's hotspot to test remote access, and that worked (but I had not turned remote manage on; default on?)


Once upon a time, Netgear used two different designations:

 

  • Remote Management for real Web based remote access - with all the limitations of having to expose the router Web UI to the wild Internet, and the inability to operate a router in a carrier grade NAT environment.
  • Remote Administration in the App (which must be enabled while connected locally - a security measure), originally introduced along woth the Genie App, where the router does link up with some Netgear cloud infrastructure, and the App does connect to the cloud, using a proper authentication using the Netgear Account.

In the newer time, with the introduction of the Nightawk App (or the Orbi App, ...),  the naming was changed. Two complete different features, but the same name.


@duckware wrote:

Went to a neighbor's house, connected to WiFi -- and all of a sudden the app was locked on wanting the password for the local router.  The app refuses to allow me to manage the router I had already set up -- all because the app had detected a local Netgear (my neighbor's Nighthawk router).


Don't have such another neighbor router (or a test unit) - doesn't the App offer a [REmote Access] line when open the App (as a work-around)?

 


@duckware wrote:

Another fatal flaw.  The names (R7800, etc) in the router list can not be customized.  Sure, the app allows you to rename the router, BUT, the app displayed the model number fo the router, not the customized name. 


Complained and reported before. Take notes of the serial number (kidding).

 


@duckware wrote:

(1) SECURITY PROBLEM: Communication between app and router is in plain text.


Complained before. Not using https on devices supporting https for LAN and/or WAN access. Yes, seriously - some Nighmare router models are supporting https for the remote access, but don't on the LAN. 

Now we can argue that the https certificate for e.g. routerlogin.net and routerlogin.com - some models come with a properly signed cert (indeed!) while others, including the business BR500 or the Orbi Pro, come with a self-signed cert. Both imply that there are many devices in the field sharing the same certificate - and private key. Well, better than plain http.

 


@duckware wrote:

(2) Try to rename router to anything else (with space in the name), all you get is an ERROR: "Please try again later" message.  Apparently because the router does not like 'spaces'.


Reported before. Pure random hit ans miss. Depends widely on the router model and firmware in place - various "effects" and problems exist.

 


@duckware wrote:

(3) While I was remotely managing a router and changing settings, all the while the app said (in red) that internet was down.  Completely bogus as I was changing settings.


Hm, are there controls requiring to restart/reboot the (remote) router? Never happened here recently.

 


@duckware wrote:

(4) I have four other remote Nighthawk routers that I want to manage with the app.  YOU CAN'T DO IT (even with remote web access ON).  App must be on local to the router, connected to local wifi in order to set up a new router (so you need to travel to every router to set it up!)


Complained before. But this can be considered a security feature: You need physical (or local) access to the router to enable the App based Remote Management. Better than just say a crappy other authentication process at least.

 


@duckware wrote:

 

(5) The app does NOT use remote web access for remote access.  It is using some other method.  Clearly Netgear is opening something up -- and at this point, I don't trust they did so correctly.


Correct. Caused by bad communication, documentation, different features under the same naming. It's the same (or similar) cloud technology Netgear bought along with the ReadNAS, it's also used for ReadyCloud for Web portal and App based remote access on ReadyNAS or router hosted data. Explained above already - definitively better than a crappy open exposed port to the Internet.

 

Welcome to the club @duckware - even if you are very late. These (and dozens more issues) were reported since the intro of the Nightmare App. Netgear does fold the ears back - almost all the feedback was ignored. All this consumer stuff named Nighthawk, Nighthawk AX, Orbi, Orbi AX, Nightawk AX Mesh, Nighthawk Pro Gaming Routers ... is all over was off from properly designed, implemented, ... it looks like some kids are playing games, and no management does control them.

Message 3 of 6
duckware
Prodigy

Re: Netgear's Nighthawk app is pure junk

Remote Access was DEFINITELY turned ON by default in the App.  I never turned it on.  I even replicated the issue.  Forced App Remote Access off on router, deleted the app, reinstalled the app, added the router and remote access was ON.

 

[Remote Access] line: No, not offered.  And replicated.  The app detects that the password to the local Nighthawk router no longer works and immediately pops up a window asking for the correct password (and there is no way to close that window or go back -- stuck until the correct password for the router is entered.  So there is no way to get to the screen where 'Remote Access' is offered.  I see the screen you are talking about, but it only stays up for about 1/20th second before the screen asking for the correct router password pops up.

 

The app has so many problems, it is unusable, and provides bogus information.  The link speed reported is off by a little in some cases, and off by a LOT in other cases.  In one smartphone, Android reports the link speed as 585 Mbps, but the app reports it as something in the low 300's Mbps.

Message 4 of 6
schumaku
Guru

Re: Netgear's Nighthawk app is pure junk


@duckware wrote:

Remote Access was DEFINITELY turned ON by default in the App.  I never turned it on.  I even replicated the issue.  Forced App Remote Access off on router, deleted the app, reinstalled the app, added the router and remote access was ON.


Makes some sense that they enable the cloud based App Remote Administration by default. Less support effort, ... Wild guessing.

The App (cloud) based Remote Administration can only be disabled from the App, not from the router.

Last test would be to diable the App based Remote Administration and a factory reset of the router - but I'm not even convinced if the app remote access bit might be stored on the cloud.

 


@duckware wrote:

[Remote Access] line: No, not offered.  And replicated.  ...I see the screen you are talking about, but it only stays up for about 1/20th second before the screen asking for the correct router password pops up.


There must be a way to break the local login to select the remote access line. Bug...

Aside, there is a similar problem if users have multiple Netgear devices in the local data path (e.g. router in AP mode!) - the App hits the AP, not the router 8-/

 


@duckware wrote:

The app has so many problems, it is unusable, and provides bogus information.  The link speed reported is off by a little in some cases, and off by a LOT in other cases.  In one smartphone, Android reports the link speed as 585 Mbps, but the app reports it as something in the low 300's Mbps.


Are you convinced the TX link rate is always exactly symmetrical? One is the Android TX rate, the other is the router radio TX rate.

 

While talking, does the R7800 have a valid signed certificate on board?

routerlogin cert Entrust.JPG

The point is that we talk to a concrete wall - it's more interactive than trying to get things controlled and changed on the Netgear consumer BU. The same bogus specs and design are carried forward to new models, their ability or will to change is almost near to /dev/null.


Message 5 of 6
duckware
Prodigy

Re: Netgear's Nighthawk app is pure junk

asymmetrical: I tracked down the issue to the Netgear app displaying stale info.  Apparently there is a time lag?  I moved around, ran app, and got old info.

 

Yes PHY can be asymmetrical and that is an excellent point to raise.  Not very well understood.  Every device should be displaying both Tx PHY and Rx PHY.

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 793 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E