×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Security fixes in various firmware versions

alokeprasad
Mentor

Security fixes in various firmware versions

I am going through Netgear's security bulletins on

https://www.netgear.com/about/security/

 

1st observation: A boatload of fixes were announced on 9/17/2020.  The RBK7XX and RBK8XX are a hot mess!  Many issues fixed for those systems.

 

2nd observation: For RBK50, a zero day vulnerability (ZDI ID: ZDI-CAN-11076) was fixed in ver 2.6.1.40.  Per

https://www.zerodayinitiative.com/advisories/published/

this rated at 8 8.8/10.  So, very severe.

 

I couldn't get any other info on this vulnerability.  But, as this is a known zero-day exploit, I'll try to update my system to 2.6.1.40.

 

Any advice for me? Any gotcha's w this version?

 

Thx.

Aloke

PS: the release notes for 2.6.1.40 "helpfully" says: Fixes security issues Smiley Frustrated

Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 1 of 4
CrimpOn
Guru

Re: Security fixes in various firmware versions

Thanks for providing the URL.  I have (long) wondered why Netgear provided no link to what these "security fixes" are in product release notes.  No idea what the "search box" accomplishes.

Message 2 of 4
FURRYe38
Guru

Re: Security fixes in various firmware versions

Message 3 of 4
Ha_Ku_Na
Luminary

Re: Security fixes in various firmware versions

Are you using your Orbi in router or AP mode ?
I've also seen the ZDI and I'm still on 2.5.1.16 because all newer FW are close to unusable for me.

 

Therefore all these questions seems to be important for newer firmwares:

- are you using the Orbi system in Router or AP mode ?

- Are you using "Access Control" ?

- Are you using "Port Forwarding" ?

- Are you using "Dynamic DNS" ?

- Have you configured "VPN Service" ?

- Are you using "LAN Address reservation (bind MAC to a fix IP address) ?

- Have you done a factory reset after the upgrade ?

 

I use it in router mode and I'm using all the features above. But I don't want to do a factory reset. Or can I just import the saved configuration afterwards?

There are some user experiences with 2.6.1.40 but it looks like all these are using their Orbi only in AP mode.

 

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 752 views
  • 1 kudo
  • 4 in conversation
Announcements

Orbi WiFi 7