×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Can't find latest CBR40 Firmware as Described in Security Bulletin

GWild
Guide
Guide
‎2021-02-10 03:36 PM
‎2021-02-10 03:36 PM

Can't find latest CBR40 Firmware as Described in Security Bulletin

Security bullitens list this info:

NETGEAR has released fixes or hotfixes for an unauthenticated command injection security vulnerability on the following product models:

  • CBR40, running firmware versions prior to 2.6.1.38

 

But on the download page only this is listed:

Firmware and Software Downloads

  • Current Versions
  • CBR40 Firmware Version 2.5.0.14

Where do I go to find the latest release?

 

Even weirder: the RBS20 firmware (2.6.2.104) they have that is supposed to fix this hole is not compatible with my RBS20. Too funny.

 

Top Support Articles

  • EU Declarations of Conformity
  • RBR20 / RBS20 Firmware Version 2.6.2.104
Model: CBR40|Orbi AC2200 Tri-band WiFi Cable Modem Router
Message 1 of 8
0 Kudos
Reply

Accepted Solutions
Blanca_O
NETGEAR Moderator
NETGEAR Moderator
‎2021-02-17 01:48 PM
‎2021-02-17 01:48 PM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

Hi @GWild

 

Thanks for bringing this to our attention. 

 

The KB Article has been updated with its correct firmware version

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerabili...

 

The CBR40 FW that addresses this PSV is v2.5.0.14. and for RBR20/RBS20 it’s v2.6.1.38.

 

@FURRYe38, thanks for looping me in!

 

Regards,
Blanca
Community Team

View solution in original post

Message 8 of 8
Reply

All Replies
FURRYe38
Guru Guru
Guru
‎2021-02-10 10:12 PM
‎2021-02-10 10:12 PM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

Where do you find this information?

 

Nothing posted yet on NG download site:

https://www.netgear.com/support/product/CBK40.aspx#download

 

Something to contact NG support about and see. 

Message 2 of 8
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-02-11 07:49 AM
‎2021-02-11 07:49 AM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

You need to use what is avialable from the CBK site:

https://www.netgear.com/support/product/CBK40.aspx#download

 

Untill NG makes it compatible with the CBR40. 

Message 4 of 8
0 Kudos
Reply
GWild
Guide
Guide
‎2021-02-11 11:03 AM
‎2021-02-11 11:03 AM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

What this is telling me is that the CBK40/CBR40 have not received updates, and that this vulnerability remains for the CBK40/CBR40 products. Not exactly comforting to know there is a known 8.5+ ranked hack that your gear is subject to. 

 

As for contacting support, what you probably already know, they do not talk with owners after 90 days from purchase unless you have paid for an expensive support plan. 

Model: CBR40|Orbi AC2200 Tri-band WiFi Cable Modem Router
Message 5 of 8
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-02-11 04:49 PM
‎2021-02-11 04:49 PM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

You may reach out to a NG forum moderator then.

@Blanca_O 

 

Good Luck. 

Message 6 of 8
0 Kudos
Reply
Blanca_O
NETGEAR Moderator
NETGEAR Moderator
‎2021-02-16 03:50 PM
‎2021-02-16 03:50 PM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

Hi @GWild

 

Let me check on this. I will get back to you for any updates.

 

Regards,
Blanca
Community Team
 

Message 7 of 8
0 Kudos
Reply
Blanca_O
NETGEAR Moderator
NETGEAR Moderator
‎2021-02-17 01:48 PM
‎2021-02-17 01:48 PM

Re: Can't find latest CBR40 Firmware as Described in Security Bulletin

Hi @GWild

 

Thanks for bringing this to our attention. 

 

The KB Article has been updated with its correct firmware version

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerabili...

 

The CBR40 FW that addresses this PSV is v2.5.0.14. and for RBR20/RBS20 it’s v2.6.1.38.

 

@FURRYe38, thanks for looping me in!

 

Regards,
Blanca
Community Team

Message 8 of 8
Reply
Top Contributors
See All
Discussion stats
  • 7 replies
  • ‎2021-02-10 03:36 PM
  • 2154 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi WiFi 7