- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- « Previous
-
- 1
- 2
- Next »
RBR850 Security Flaw - no password required
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850 Security Flaw - no password required
So I set my RBR850 up in to router mode from AP mode yesterday. Also loaded a sample v3.2.10.1 from this thread to see if anything differed from anything else I had loaded:
After setting it up, I enabled Remote Management for the RBR850 so I could check from work and see if I got a log in popup window or not from work.
Using IE11 today from work and going to the specified WAN IP address and port# for my RBR850, I was presented with loging popup window and after entering in the correct information, I was able to log in. I logged off and tried again to access the RBR and the browser still presented me with a log in pop up window.
Opera was already open as I use Opera mostly. I opened a tab up in Opera and went to the same address. Was presented with a log in pop up window. I logged out and closed the tab and re-opened another tab and accessed the RBR and was again presented with a log in popup.
Didn't clear any caches during testing of either browser...
I'll disable the RM feature and then re-test this again from work.
Again, there maybe a bug in the 840 series FW where we are not seeing this on the 850 series.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850 Security Flaw - no password required
NG support has been able to replicate this issue with my supplied config file.
The also mentioned that the white status light staying on all of the time indicates the RBR is in default state? Last message from NG support states "please allow us some more time"
I will post anything new. Awaiting resolution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850 Security Flaw - no password required
This seems to be an issue for users with the 840 series Orbi. Keep in contact with NG support and your support tickets.
Good Luck.
@mrwkbrdr wrote:NG support has been able to replicate this issue with my supplied config file.
The also mentioned that the white status light staying on all of the time indicates the RBR is in default state? Last message from NG support states "please allow us some more time"I will post anything new. Awaiting resolution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RESOLVED
With no help from NG support I have found the problem and the solution.
The two important details are, when the status led is solid white and won't go out, this means the router is still not fully setup. When in this state everything functions as expected and the user will not have any operational or functional issues, including modifying setup within the GUI.
The problems are that the white led status light stays on, and you can acccess the GUI from the WAN and LAN side.
The problem I found is during the setup process using the Orbi app, the last step takes you to a page where NG is trying to sell you added support. Previously I ignored this and closed out the app.
The solution is that you must make a selection, I chose no thanks. Once you make your selection the Orbi flashes the white status light and then the app moves to the next screen which states setup complete. White status light goes out as expected, and you are now prompted with a login pop up when trying to access the GUI using WAN or LAN.
Should someone experience this issue and are unable to resolve, please pm me and I will provide more details to assist you in correcting these two issues.
Can a moderator please mark this discussion as resolved.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850 Security Flaw - no password required
Thanks for sharing what you found!
It sounds like Netgear "unlocks" the router for the setup process so that the app can always access it and then "relocks" it at the conclusion of the process. Because you didn't officially complete your setup, you were left in limbo.
Stuff like this is why I don't really care for apps for setting up or configuring these things. I prefer to do things directly on the device itself.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850 Security Flaw - no password required
Thank you for letting us know. Glad you found what was going on. If you do use the Orbi app, you'll need to fully complete the app setup process. Seems like if you close out of the app, things don't get fully setup correctly.
Please post about this in the Orbi app forum:
https://community.netgear.com/t5/Orbi-App/bd-p/en-home-orbi-app
This seems line a Orbi app issue that needs to be reviewed by NG and the Orbi app team. Maybe they can help tune this area up some.
@mrwkbrdr wrote:RESOLVED
With no help from NG support I have found the problem and the solution.
The two important details are, when the status led is solid white and won't go out, this means the router is still not fully setup. When in this state everything functions as expected and the user will not have any operational or functional issues, including modifying setup within the GUI.
The problems are that the white led status light stays on, and you can acccess the GUI from the WAN and LAN side.
The problem I found is during the setup process using the Orbi app, the last step takes you to a page where NG is trying to sell you added support. Previously I ignored this and closed out the app.
The solution is that you must make a selection, I chose no thanks. Once you make your selection the Orbi flashes the white status light and then the app moves to the next screen which states setup complete. White status light goes out as expected, and you are now prompted with a login pop up when trying to access the GUI using WAN or LAN.
Should someone experience this issue and are unable to resolve, please pm me and I will provide more details to assist you in correcting these two issues.
Can a moderator please mark this discussion as resolved.
- « Previous
-
- 1
- 2
- Next »
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more