×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Re: Manual mentions orbilogin.com, which not a secure connection

Chris96
Tutor
Tutor
‎2020-05-11 12:56 AM
‎2020-05-11 12:56 AM

Manual mentions orbilogin.com, which not a secure connection

While trying to solve an internet connection issue, I found a Netgear Manual for my Orbi RBR50 online. It recommends that you login with your admin user name and password on orbilogin.com. This is not a secure site, so I will obviously not enter my admin user name and password. Apparently Netgear hasn't fixed this since 2018, because in a old discussion re this topic, a user mentions the same problem. Another user suggests using https://orbilogin.com/ That one doesn't work though (you immediately get a warning that the site isn't secure). How can I safely login to my router? Thanks.

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 2
0 Kudos
Reply

Accepted Solutions
x3ja
Tutor
Tutor
‎2020-05-11 07:25 AM
‎2020-05-11 07:25 AM

Re: Manual mentions orbilogin.com, which not a secure connection

If you look at where orbilogin.com routes to, it should be the IP of your router - e.g.

> ping orbilogin.com -n 1
Pinging orbilogin.com [192.168.0.1] with 32 bytes of data 
Reply from 192.168.0.1: bytes=32 time=5ms TTL=100

It's not actually an external IP address so your credentials are only going locally. There's no simple way for Netgear to distribute valid certificates to be used by routers as these are tied to the domain name system and, if it were to be tied to orbilogin.com, they'd have to distribute the private/secret key with all routers which would be an even worse security problem. 

 

The best thing you can do is use https://orbilogin.com and trust the certificate at a time you're sure your network isn't compromised. Then, if the certificate changes you'll notice. You could do this with 192.168.0.1 (or whatever IP you have it set to) but I'm not sure you'd be able to trust that cert and you could end up needing to use that IP address when connected to a different network or something. 

View solution in original post

Model: RBS40|Orbi AC2200 Tri-band WiFi Add-on Satellite
Message 2 of 2
Reply

All Replies
x3ja
Tutor
Tutor
‎2020-05-11 07:25 AM
‎2020-05-11 07:25 AM

Re: Manual mentions orbilogin.com, which not a secure connection

If you look at where orbilogin.com routes to, it should be the IP of your router - e.g.

> ping orbilogin.com -n 1
Pinging orbilogin.com [192.168.0.1] with 32 bytes of data 
Reply from 192.168.0.1: bytes=32 time=5ms TTL=100

It's not actually an external IP address so your credentials are only going locally. There's no simple way for Netgear to distribute valid certificates to be used by routers as these are tied to the domain name system and, if it were to be tied to orbilogin.com, they'd have to distribute the private/secret key with all routers which would be an even worse security problem. 

 

The best thing you can do is use https://orbilogin.com and trust the certificate at a time you're sure your network isn't compromised. Then, if the certificate changes you'll notice. You could do this with 192.168.0.1 (or whatever IP you have it set to) but I'm not sure you'd be able to trust that cert and you could end up needing to use that IP address when connected to a different network or something. 

Model: RBS40|Orbi AC2200 Tri-band WiFi Add-on Satellite
Message 2 of 2
Reply
Top Contributors
See All
Discussion stats
  • 1 reply
  • ‎2020-05-11 12:56 AM
  • 753 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7