Reply
Highlighted
Luminary

Security vulnerability in Orbi

I happened to run avast wifi analysis and it found the 2 vulnerability in Orbi Router software listed below.  Can anyone who is more technically minded confirm this?  Orbi is a brand new system it should be patch against security holes that been reported since 2013.

 

https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0229

https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0230

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 1 of 5
Highlighted
NETGEAR Moderator

Re: Security vulnerability in Orbi

Hello orbiman

 

Please report these at the link below.

 

https://bugcrowd.com/netgear

 

DarrenM

Message 2 of 5
Highlighted
Luminary

Re: Security vulnerability in Orbi

this is a security related item and requires immediate Engineering attention please!

Message 3 of 5
Highlighted
Virtuoso

Re: Security vulnerability in Orbi

Neither of these are barn-burners, honestly - one's a possible denial-of-service and the other is a _possible_ privileged exploit, both of which require the attack to come *from the internal network*.  While I agree it's nice to have _all_ vulnerabilities mitigated, that isn't realistic, and these two in particular fall somewhat into the "meh" category of risk.  Yes, they should be fixed, but no, I don't think it likely (or necessary) that Netgear engineering is going to drop whatever it's doing to jump right on this.

 

Rodney

Message 4 of 5
Highlighted
Luminary

Re: Security vulnerability in Orbi

Thank you for taking the time and explaining the details for those who were interested, appreciate it!

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 3350 views
  • 4 kudos
  • 4 in conversation
Announcements