Firmware 2.3.5.30 Security Vulnerability?
Hi, I just updated my Orbi RBR50/RBS50 to the new Firmware 2.3.5.30. I am also a subscriber of the Netgear Bitdefender Armor. After the update I got a notification for a potential security risk (see attached screenshot). Is this supposed to happen? Should Netgear do something about it?
Accepted Solutions
Please post in the Armor forum about this:
https://community.netgear.com/t5/NETGEAR-Armor/bd-p/en-home-armor
All Replies
Re: Firmware 2.3.5.30 Security Vulnerability?
@stefan_eb wrote: Should Netgear do something about it?
Ha! This is SO COOL. Netgear is ratted out by their own partner. Using http for the "inside the LAN" router access is a feature of many routers, not just Netgear. I have never seen an explanation for why they do this, but my own (personal) belief is:
- People are supposed to use complex passwords on the administrative account.
- If someone has physical access to a wired port on the Orbi, then they are "inside the safe" and already can do anything they want.
- If someone wants to hack using WiFi, they have to breach the (supposedly) complex WiFi password.
- If the owner is paranoid, he can use Access Control to keep anyone from attaching a new device.
The goofy part is that when "Remote Access" is turned on, that interface is https. So, they already support a secure web interface. They just don't use it for internal access.
This is a well-documented issue that Netgear (and other router makers) seem to think is not a high priority.
Re: Firmware 2.3.5.30 Security Vulnerability?
I would agree that the LAN side UI may need HTTPS at some point, however not a lot of hacking goes on on the LAN side. Though not everyone seems to be proactive in some countermeasures, Mfrs may be just waiting for a real need for HTTPS on the router's UI. May involve more than just changing protocols as well. Most routers and APs and such don't use HTTPS for LAN side access. Been like this since the start. Some printers now do though.
Re: Firmware 2.3.5.30 Security Vulnerability?
Quick update. Netgear Engineering is aware of this issue and will offer a solution in a firmware update.
Re: Firmware 2.3.5.30 Security Vulnerability?
Thank you for letting us know.