- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- « Previous
-
- 1
- 2
- Next »
Re: WPA2 - KRACK / Vulnerability
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Unknown by be - - I'm in the same boat with a legacy WiFi router
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Virtually every network device ever created is vulnerable unless a patch is made available.
It's entirely possible that some devices from various vendors are well past their end-of-support dates, and each vendor will have to make a decision on a case-by-case basis whether to offer a one-off patch or just consider them deprecated and suggest the user upgrade their hardware.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Where is the ORBI and ORBI Pro firmware updates to address this issue? You have had since end of August to develope a fix... its getting silly now,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Not going to let this subject slide to the bottom of the forums.
Netgear where is the update for this exploit? It shouldnt be that difficutl to patch since you have already addressed it on many of your other products. Why are you exposing all Orbi users to potential issues through your inaction!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
I agree this needs to be addressed ASAP. Don't wait till after the fact. These things need to be got in front of before we are singing the woes.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Just to put things into perspective, the KRACK attack is not so much a router attack as a client one. So the satellite may need updating (assuming it's using WPA for securing connectivity) but the router doesn't necessarily need one. See the following from the KRACK discoverer's site:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
This is a important issue and our engineering team is working on a fix for this exploit for orbi I do not have a exact date on a update but its a high priority.
DarrenM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
In the meantime while fix to hack is being worked on can we have the ability to turn off wifi per schedule? To minimize threats to wireless when not needed we can turn off?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
I don't believe this would have the effect you want. As I understand it, the threat is only present when the Orbi satellite connects to the Orbi router. If the system remains up and running, there is no threat.
Turning off the WiFi would create a vulnerability each time it's turned back on and the satellite is forced to reconnect. This would vastly increase the vulnerability.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Unfortunately, simply leaving the system up and running provides no protection against this attack. If an attacker is going to interfere with your communications to effect the KRACK attack, it is trivial for them to deauth the satellite and force it to re-auth whenever the attacker wants.
This certainly appears to be a very serious risk to systems using Orbi satellites and I hope that Netgear quickly releases a patch.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
SOLUTION = BETA FIRMWARE PATCH
NetGear released a patch on 2017-11-02.
Although I had contacted support via email, I never received any response, whether "yes, it's a problem" or "we've issued a patch."
Not the best experience, not a way to build confidence.
But, at least there is finally a patch.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Is this patch going to be part of the next Firmware release or we will need to patch again after taking next Firmware?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Downloaded both files
unzipped both and read the release notes.
backed up 2.0.0.74 settings
manually installed 2.0.0.76 beta on both RBS50 units
once they rebooted and came back up on the new firmware
manually installed 2.0.0.76 beta on the RBR50
checked all settings and nothing changed...
BUT, normally when you install a beta firmware you are supposed to hard reset (paperclip) the router and satellites and then manually configure them from scratch. This is to implement the new code.
You are NOT supposed to restore from the backup you made on the previous version of firmware either. This is to preclude any settings being brought forward that may conflict or improperly interact with the new firmware.
It made no mention of doing this on the beta firmware page or in the readme files... so I didn't do it and don't really know if the "hotfix" is actually implemented and running on the RBK53 system. All devices report they are running the new firmware, but are they really without a hard reset?
I am going to defer to Netgear admins to provide clarification on this topic.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Hi,
Trying to update my setup, starting with the sattelite, I do a manual update, select the proper firmware, it uploads and that's it, nothing happens.
Any suggestions?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Download and unzip the RBR and RBS beta firmware.
Power cycle all your devices (RBR50 and RBS50(s))
once everything is up, go to advanced>administration>attached devices
write down the IP address(s) of the satellite(s)
enter the satellite(s) IP address in your browser
enter the UID and PWD (same as your router)
select firmware update
browse and navigate to the unzipped folder for the RBS units
select and open the img file
select upload
that should get the job done.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Hi,
Thanks for the reply. I did all of the steps above, except the pre boot. Rebooted my setup and now they updated fine. So running on 2.0.0.76 now.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
The Hotfix did not work out well for me. Had devices all over the house randomly dropping off and then coming right back on again. With 1 Echo, 2 Taps and 8 Dots it got annoying having them keep announcing they had lost their connection. Similar issue with Wink Hub2, and iSmart alarm cams. Downgraded back to 2.0.0.74, hard reset all devices and then manually set up from scratch.
Things are stable again. TP-Link LB100's were dropping connections too. IDK... guess that's why they call it a beta.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Does anyone know if a new official Firmware will be released that will include this vulnerability fix?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
@wchp wrote:The Hotfix did not work out well for me. Had devices all over the house randomly dropping off and then coming right back on again. With 1 Echo, 2 Taps and 8 Dots it got annoying having them keep announcing they had lost their connection. Similar issue with Wink Hub2, and iSmart alarm cams. Downgraded back to 2.0.0.74, hard reset all devices and then manually set up from scratch.
Things are stable again. TP-Link LB100's were dropping connections too. IDK... guess that's why they call it a beta.
Given the only change to the current production firmware was supposed to be the KRACK fix, I'm quite surprised by this. I also applied it at home (3 Echos, 2 Dots, 2 Nests, 9 Nest Protects, and 1 Google Home Mini) completely without issue - the network works just as well before as after.
I'm in AP mode - not sure if that makes a difference.
Rodney
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WPA2 - KRACK / Vulnerability
Netgear's slow and unresponsive attitude to the Krack exploit is very worrisome. Even though the Orbi is sold, and priced, as a premium WiFi mesh solution it is not getting any significant improvments. The Krack fix is still in beta, the guest network in AP mode is worthless due to lack of isolation, the iOS app is poor and missing features.
If you look at some of the other Mesh WiFi products they are adding feature and refinements. One small example, on a competitor's system they have an isolated guest network and you can send someone an invite with access to your guest network for a specific amount of time. ie. 1 hour, 12 hours or 1 day.
"Knock, knock Netgear...is anyone there?"
- « Previous
-
- 1
- 2
- Next »
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more