Nighthawk R9000 vulnerability affects Orbi also?
A new vulnerability has been discovered in the Nighthawk R9000 router:
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
Reading it, it sounds like something that could affect all Netgear routers. Do we have confirmation if this is the case, and if so, when a fix might be available?
Re: Nighthawk R9000 vulnerability affects Orbi also?
Please post about this here for your model router:
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/bd-p/home-wifi-routers-nighthawk
You might try Voxel's 3rd party FW as well.
Orbi isn't listed on the affected models they tested.
Good Luck.
Re: Nighthawk R9000 vulnerability affects Orbi also?
@DavidShawP wrote:
A new vulnerability has been discovered in the Nighthawk R9000 router:
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
Reading it, it sounds like something that could affect all Netgear routers. Do we have confirmation if this is the case, and if so, when a fix might be available?
This is indeed a fascinating article. It appears that they did a substantial amount of work on each product, which may explain why they tested only one product from each company. My "guess" is that some of these (or similar) vulnerabilities exist in the Orbi product line as well. Orbi firmware appears to be based on OpenWRT, specifically DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'. Since Netgear's Nighthawk line has been around for so many years, I (also) guess that it is based on internally developed software.
The practical significance of such vulnerabilities to "one of us" is an interesting question. What is someone likely to gain from devoting the considerable effort to hack MY home network? So, my plan is to continue what I have been doing: (1) limit browsing to web sites I trust, (2) maintain good password habits, (3) back up files frequently, and (4) not allow external access to the router. If it's not listening on ports 22, 43, and 443 on the WAN, most of those vulnerabilities require local access.
I hope their next round of tests includes the popular mesh systems that are "selling like hot cakes": Google WiFi, Linksys Velop, TP-Link Deco, Asus Lyra, Samsung Smart Things, and our Netgear Orbi.