× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

DatabaseJase
Luminary

RBR50 / RBS50 Firmware Version 2.6.1.40

Available here: RBR50 / RBS50 Firmware Version 2.6.1.40 | Answer | NETGEAR Support

 

New Features and Enhancements:

  • Supports HTTPS on the LAN

Security Fixes:

  • Fixes security issues

When there are no user issues fixed does that mean there are no user issues to fix? Smiley LOL

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 27
wimmme
Tutor

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Is this official or beta firmware ? I just updated to 2.5.2.4 2 days ago !

Message 2 of 27
DatabaseJase
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

I'm not sure if it has a "beta" tag but it is official and as far as I'm aware NG don't do "beta" public releases...

 

Orbi RBK50 | WiFi System | NETGEAR Support

Message 3 of 27
Ha_Ku_Na
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

The "New Features and Enhancements" section is confusing:

Supports HTTPS on the LAN

What should that mean ? If I'm using https internally, then I use it and it is already working (browser and REST calls).

 

Anyway, I reverted from 2.5.2.4 to 2.5.1.16 because this is the most actual FW which is working on my environment (1 RBR & 1 RBS wired and 2 RBS via backhaul).

 

Would be interesting, if someone already upgraded to 2.6.1.40 and what the experience is ?

- are the connected Devices displayed correctly (mobile appp & browser)

- stability

...

 

Message 4 of 27
NewGuy25
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40


@Ha_Ku_Na wrote:

The "New Features and Enhancements" section is confusing:

Supports HTTPS on the LAN

What should that mean ? If I'm using https internally, then I use it and it is already working (browser and REST calls).

 

Anyway, I reverted from 2.5.2.4 to 2.5.1.16 because this is the most actual FW which is working on my environment (1 RBR & 1 RBS wired and 2 RBS via backhaul).

 

Would be interesting, if someone already upgraded to 2.6.1.40 and what the experience is ?

- are the connected Devices displayed correctly (mobile appp & browser)

- stability

...

 


Experiencing issues when loading up ebay.co.uk after the update. Any device connected to the network cannot seem to load up the css for ebay.co.uk

Message 5 of 27
timch
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

I've been running this for about a week or so with no problems; it seems really solid and the app works as expected.  I've checked eBay.co.uk just now and it's loads perfectly.

I have an RBR50 and 2 RBS50 connected wirelessly and an RBS40 connected on Ethernet.

Message 6 of 27
Ha_Ku_Na
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Thanks for sharing your experience.

 

Just a few questions to your setup:

- are you using the Orbi system in Router or AP mode (i use Router Mode)?

- Are you using "Access Control" ?

- Are you using "Port Forwarding" ?

- Are you using "Dynamic DNS" ?

- Have you configured "VPN Service" ?

- Are you using "LAN Address reservation (bind MAC to a fix IP address) ?

- Have you done a factory reset after the upgrade ?

 

I'm really scared about upgrading, because I made really bad experiences with FW after 2.5.1.16 and a factory reset of the system leads in a lot of work to reapply the configuration (or I load the config backup).

From my point of view, the usual suggestions to do a factory reset after an upgrade is a pain and should not be necessary.

 

Would be great if you can give me more details about your working setup. Then I could estimate if an upgrade is worth it.

 

My setup:

RBR50 and 2 RBS50 connected wirelessly and an RBS50 connected on ethernet

Message 7 of 27
timch
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

I'm using the Orbi in AP mode but I've never done a factory reset in all the years I've had my Orbi, and I have tried both modes.  I use AP mode for convenience only. 

Message 8 of 27
Ha_Ku_Na
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

ok, thats a difference, and includes also that you cannot use all these features:

- Access Control

- Port Forwarding

- Dynamic DNS

- VPN Service

- LAN Address reservation

Message 9 of 27
faizankhan85
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Hello All

 

Quick question in relation to firmware update to 2.6.1.40:

 

I am currently on 2.5.1.16 so should I first update to 2.5.2.4 or can I direectly update to 2.6.1.40?

 

Thanks!

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 10 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

You can directly. 

 

Message 11 of 27
faizankhan85
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Thank you for your fast response!

Message 12 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Apply the RBS first first, then RBR. I would power OFF the RBR and RBS for 1 minute then back ON after the FW has been process by the RBS and RBR. 


@faizankhan85 wrote:

Thank you for your fast response!


 

 

Message 13 of 27
jijun1964
Guide

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

RBR50 and RBS50 Firmware 2.6.1.40 just update manually, update smoothly , all connected device show properly, vary stable. Thank You. for provide update firmware continuously. 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 14 of 27
Ha_Ku_Na
Luminary

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Could you please also post some deatils of your configuration ?

like:

- are you using the Orbi system in Router or AP mode ?

- Are you using "Access Control" ?

- Are you using "Port Forwarding" ?

- Are you using "Dynamic DNS" ?

- Have you configured "VPN Service" ?

- Are you using "LAN Address reservation (bind MAC to a fix IP address) ?

- Have you done a factory reset after the upgrade ?

 

Because I think the mode can make a big difference regarding stability. 

I use it in Router mode because this makes it easier to change the internet provider. 

Message 15 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Well, wanted to try v40 on my RBK50 series with the RBS50 ethernet connected. 

ARP storm is happening on v40 as well...

ARP Storm with v40:

ARMStormRBS50EthernetConnected.png

 

Downgraded to v16 which was working well last time...

No ARP Storm with v16 loaded:

NoARPStormRBS50EthernetConnectedv16.png

 

So I recommend for users of the 50 series Orbi who have RBS ethernet connected with a switch or more, keep v16 loaded. Hopefully NG can fix this in future updates.

 

@Blanca_O 

Message 16 of 27
LilianMoraru
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

"Security issues" is "user issues".

You login over HTTPS by default, which is a good security practice that they didn't follow up to this point.

 

My issue with it: 2.6.1.40 changed my password and I can't login into it any more...

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 17 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Besure to clear out all browser caches before going to the RBRs web page.

Be sure your typing in the correct PW values.

Try a different browser to compare.

 

Factory reset the RBR and setup from scratch as last resort. 


@LilianMoraru wrote:

"Security issues" is "user issues".

You login over HTTPS by default, which is a good security practice that they didn't follow up to this point.

 

My issue with it: 2.6.1.40 changed my password and I can't login into it any more...


 

Message 18 of 27
LilianMoraru
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

I never type the password manually, I use a password manager.

I had to do a password reset by manually introducing the serial number.

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 19 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Try manually typing in it to be sure. 

Message 20 of 27
JitM
Aspirant

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Hi,

 

I have same ORBI setup at home RBR50 and RBS50.

 

I never done any manually firmware updates, I always use smartphone app to check for updates and then update them if available.

 

My current version is 2.5.2.4 and smartphone app is not showing me this new update if I use check for new updates. It is showing my firmware is up to date.

 

But it is clear that Netgear has relased this version 2.6.1.40 which i can see in their download section as well.

 

SInce my app is not showing this version does it mean this is not mandatory version for me to upgrade?

 

Cheers,

JM

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 21 of 27
alokeprasad
Mentor

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Nothing is mandatory unless pushed to the device by Netgear without user intervention.  That happens very rarely.

 

You can check the release notes (which doesn't say much), and security bulletins at https://www.netgear.com/about/security/ and see if you are up to updating the devices manually following the instructions here

 

https://kb.netgear.com/31573/How-do-I-manually-upgrade-firmware-on-my-Orbi-router-using-orbilogin-co...

 


@JitM wrote:

 

SInce my app is not showing this version does it mean this is not mandatory version for me to upgrade?

 

Cheers,

JM

 


 

Message 22 of 27
FURRYe38
Guru

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

Message 23 of 27
vajim
Master

Re: RBR50 / RBS50 Firmware Version 2.6.1.40


@FURRYe38 wrote:

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerabili...


Meaningless ....why post this here?

 

Shouldn't this go to firmware developers ??

Message 24 of 27
alokeprasad
Mentor

Re: RBR50 / RBS50 Firmware Version 2.6.1.40

This is a rare instance when NG has documented a problem and the fix for it.  Lets not fight it.

 

Making users aware of this is a a good thing. This way, users can look up the details of the security issue, decide how serious it is, and whether to update their firmware to 2.6.1.40 or newer (for RBK50's). 

 

security_advisory_for_unauthenticated_command 

https://nvd.nist.gov/vuln/detail/CVE-2020-27861 

 

"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076"

NIST severity score = 8.8/10 (High)

Message 25 of 27
Top Contributors
Discussion stats
  • 26 replies
  • 10318 views
  • 6 kudos
  • 12 in conversation
Announcements

Orbi 770 Series