Firmware update V2.6.2.104 - Internet Freeze, No Internet, Buffering, OFFLINE Status on App

---

junktrunk wrote:

---

---

How do you know? I find it very unlikely that NG would update firmware on consumer grade products unless there's a serious problem, and the only thing they said about this firmware release is that it's to address security issues, i.e. there were serious security problems that needed to be dealt with. 

 

Upon more digging, I was able to find this which tells us at least one of the changes that were applied to RBR20 in this v2.6.2.104 firmware update:

 

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

 

Read some of the bulletins that go with those. "An attacker can leverage this vulnerability to execute arbitrary code in the context of root". Some of those vulnerabilities (here's just one) that were fixed have an 8.8 criticality, out of 10. That's pretty serious. I don't know why NG makes this so difficult to figure out what was changed but it's pretty clear to me now that everyone should be upgrading, especially if disabling the broken Traffic Meter is the workaround to keeping their network stable with the more secure firmware version. 

 

---

well lets think about this....I've been on 2.5.2.4 since November 2020 with ZERO cyber attacks, yet 1000's have updated to the latest firmware version that is suppose to offer cyber protection but instead it has caused numerous disconnects and headaches.  The math speaks for itself.  Flame suit on.

---

vajim wrote:

well lets think about this....I've been on 2.5.2.4 since November 2020 with ZERO cyber attacks, yet 1000's have updated to the latest firmware version that is suppose to offer cyber protection but instead it has caused numerous disconnects and headaches.  The math speaks for itself.  Flame suit on.

---

How can you possibly know if you have had zero attacks though. That's the problem. There's not enough logging in the Orbi devices to my knowledge to independently assess whether any of the vulnerabilities reportedly fixed in this firmware were used in an attack on your router. If an attack does occur, the attacker could run arbitrary code on your router, which means they could be using it to attack other devices on your LAN. Whether that is something you'd then observe on those devices is a matter of how much protection and detection all your internal devices have, but let's face it, consumer networking devices are pretty lax here because they expect the router to do all the external attack protection. 

I understand what you're saying about not wanting to deal with the incredibly frustrating internet drop out bug or whatever other stuff is a problem in this firmware, but it's just not responsible to advise people to expose themselves to attacks like this. I'm assuming you've done this before, but if not, turn on the logs for "Known DoS attacks and Port Scans" and watch how many dozens of times a day your device is getting hit by some random bot out there. It would be naive to think that those bots aren't also attempting to use these vulnerabilities to do more than just a DoS, but Orbi has no way of reporting that kind of activity to us.

---

junktrunk wrote:

---

vajim wrote:

well lets think about this....I've been on 2.5.2.4 since November 2020 with ZERO cyber attacks, yet 1000's have updated to the latest firmware version that is suppose to offer cyber protection but instead it has caused numerous disconnects and headaches.  The math speaks for itself.  Flame suit on.

---

How can you possibly know if you have had zero attacks though. That's the problem. There's not enough logging in the Orbi devices to my knowledge to independently assess whether any of the vulnerabilities reportedly fixed in this firmware were used in an attack on your router. If an attack does occur, the attacker could run arbitrary code on your router, which means they could be using it to attack other devices on your LAN. Whether that is something you'd then observe on those devices is a matter of how much protection and detection all your internal devices have, but let's face it, consumer networking devices are pretty lax here because they expect the router to do all the external attack protection. 

 

I understand what you're saying about not wanting to deal with the incredibly frustrating internet drop out bug or whatever other stuff is a problem in this firmware, but it's just not responsible to advise people to expose themselves to attacks like this. I'm assuming you've done this before, but if not, turn on the logs for "Known DoS attacks and Port Scans" and watch how many dozens of times a day your device is getting hit by some random bot out there. It would be naive to think that those bots aren't also attempting to use these vulnerabilities to do more than just a DoS, but Orbi has no way of reporting that kind of activity to us.

---

you're missing my point....I'm NOT advising anybody to do anything.  I am telling others what has worked for me.  People will hopefully make their own decisions.  All the discussion you point out about arbitrary code on my router can be simply reversed and ask the same question to you, but I won't.  My network works as well as my devices when I call upon them.  Furthermore what would a arbitrary code on any router look or feel like?  I don't care.  So it comes down to I'll enjoy the internet my way and you do the same.  

---

vajim wrote:

---

you're missing my point....I'm NOT advising anybody to do anything.  I am telling others what has worked for me.  People will hopefully make their own decisions. 

---

Except that you are:

• https://community.netgear.com/t5/Orbi/RBR50-Have-You-Installed-V2-7-2-104/m-p/2078706#M118311 "get rid of V2.7.2.104 and your life will improve"
• https://community.netgear.com/t5/Orbi/Last-firmware-prior-to-V2-7-2-104/m-p/2077816#M118135 " I will tell them DON'T update the firmware and apologize for recommending Orbi. go to the download area and enter your model number.  They have firmware going way back."

---

vajim wrote:

---

All the discussion you point out about arbitrary code on my router can be simply reversed and ask the same question to you, but I won't.  My network works as well as my devices when I call upon them.  Furthermore what would a arbitrary code on any router look or feel like?  I don't care.  So it comes down to I'll enjoy the internet my way and you do the same.  

---

I didn't follow the "can be simply reversed and ask the same question to you" part but if you're saying I can't be sure I was being attacked previously through these vulnerabilities, that's true, due to the same reason none of us can be sure we were or weren't being attacked, unless something observable happens. But it's pretty common for these port scanner packages to be updated to try to apply common and useful vulnerabilities. This is how people get access to IoT cameras showing baby monitoring and other personal images stored on computers or media devices within their home networks. That's the kind of thing that at attack might do. They might also install software on another insecure device on your home network to add that device to their DoS army (here's just a random article about that: https://blog.finjan.com/iot-dos-attacks/) -- obviously DoS is bad overall but it also impacts the infected device to slow it down or cause other problems when it's activated as part of a DoS attack on some other home.

So listen, the choice about whether to upgrade is up to everyone individually. You're of course free to do what you like also and I respect your frustration with NG's incredibly shoddy QA, as I'm also frustrated with it. I just am saying everyone should think very carefully about whether they want published vulnerabilities like these to remain unpatched on their network when we seem to have a viable workaround (disable Traffic Meter).

---

junktrunk wrote:

---

I just am saying everyone should think very carefully about whether they want published vulnerabilities like these to remain unpatched on their network when we seem to have a viable workaround (disable Traffic Meter).

 

...or....I just am saying everyone should think very carefully about whether they upgrade their Orbi firmware based on the 1000's of complaints that we read everytime a new firmware is released.  There are cases to which I've seen first hand where a firmware is released and within days 1000's are reporting problems.  Then fast forward several months later and that same firmware is flawless, yet the version numnber stayed the same.

 

 Still waiting to hear from those that did NOT upgrade and experienced those nasty vulnerabilities that you keep bringing up.

 

 

---

junktrunk wrote:
I've already explained this twice and I'm not sure why you're having such a hard time with it. People aren't going to even know they're being attacked, that's the point. And if by some chance they figure out that they have been attacked, there's pretty low odds they're going to stumble on this thread to report it's related to these vulnerabilities. Anyway do what you want with your own network. Just please stop downplaying the importance of staying up to date with security patches.

---

I've got a better idea (flame suit back on) and I saw this coming.....but whether you realize it or not you are not a member of the Netgear police force.  Protecting users from people like me.   But rather than worry about me, and what I say here (shame on it if something would actually take my advice) just go about your way and enjoy your orbi.  I'm not down playing anthing.  Once Netgear figures out how to release flawless firmware (may never happen) I'll be right there with you and all the others living on the edge.  Trust me, I've been doing this for a long time.