Re: Security vulnerability in Orbi

OrbiMan · ‎2017-04-11

I happened to run avast wifi analysis and it found the 2 vulnerability in Orbi Router software listed below. Can anyone who is more technically minded confirm this? Orbi is a brand new system it should be patch against security holes that been reported since 2013.

https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0229

https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0230

DarrenM · ‎2017-04-12

Hello orbiman

Please report these at the link below.

https://bugcrowd.com/netgear

DarrenM

JMU1998 · ‎2017-04-12

this is a security related item and requires immediate Engineering attention please!

rhester72 · ‎2017-04-12

Neither of these are barn-burners, honestly - one's a possible denial-of-service and the other is a _possible_ privileged exploit, both of which require the attack to come *from the internal network*. While I agree it's nice to have _all_ vulnerabilities mitigated, that isn't realistic, and these two in particular fall somewhat into the "meh" category of risk. Yes, they should be fixed, but no, I don't think it likely (or necessary) that Netgear engineering is going to drop whatever it's doing to jump right on this.

Rodney

JMU1998 · ‎2017-04-12

Thank you for taking the time and explaining the details for those who were interested, appreciate it!