DatabaseJase
Oct 28, 2020 (Luminary)
RBR50 / RBS50 Firmware Version 2.6.1.40
Available here: RBR50 / RBS50 Firmware Version 2.6.1.40 | Answer | NETGEAR Support
New Features and Enhancements: Supports HTTPS on the LAN
Security Fixes: Fixes security issues
When ther...
alokeprasad
Jan 03, 2021 (Mentor)
Nothing is mandatory unless pushed to the device by Netgear without user intervention. That happens very rarely.
You can check the release notes (which don't say much), and security bulletins at https://www.netgear.com/about/security/ and see if you are up to updating the devices manually following the instructions here
JitM wrote:
Since my app is not showing this version does it mean this is not mandatory version for me to upgrade?
Cheers,
JM
FURRYe38
Feb 23, 2021 (Guru)
- vajim, Feb 23, 2021 (Master)
- alokeprasad, Feb 23, 2021 (Mentor)
This is a rare instance when NG has documented a problem and the fix for it. Let's not fight it.
Making users aware of this is a good thing. This way, users can look up the details of the security issue, decide how serious it is, and whether to update their firmware to 2.6.1.40 or newer (for RBK50's).
security_advisory_for_unauthenticated_command
https://nvd.nist.gov/vuln/detail/CVE-2020-27861
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076"
NIST severity score = 8.8/10 (High)
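Added example, not part of the thread and not NETGEAR's code: the NVD text quoted above describes a DHCP Host Name option reaching a system call unchecked, so this sketch parses the options of a DHCP packet and rejects a Host Name (option 12, per RFC 2132) that is not a plain RFC 1123 style name. The function names and the sample packets are constructed for illustration.

```python
import re

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
# Letters, digits and hyphens per label, labels separated by dots,
# no label starting or ending with a hyphen.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
SAFE_HOSTNAME = re.compile(LABEL + r"(\." + LABEL + r")*")

def dhcp_options(packet: bytes):
    """Yield (code, value) for each option after the 236-byte BOOTP header."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield code, value
        i += 2 + length

def check_hostname(packet: bytes):
    """Return (hostname, ok); ok is False when option 12 is not a plain hostname."""
    for code, value in dhcp_options(packet):
        if code == OPT_HOSTNAME:
            name = value.decode("latin-1")   # never fails; non-ASCII is rejected below
            ok = len(name) <= 253 and SAFE_HOSTNAME.fullmatch(name) is not None
            return name, ok
    return None, True                        # no Host Name option present

def build_sample(hostname: bytes) -> bytes:
    """Constructed DHCPDISCOVER-shaped packet for the demo (not captured traffic)."""
    opts = b"\x35\x01\x01" + bytes([OPT_HOSTNAME, len(hostname)]) + hostname + b"\xff"
    return bytes(236) + MAGIC_COOKIE + opts

if __name__ == "__main__":
    for sample in (b"living-room-tv", b"tv; reboot"):
        print(check_hostname(build_sample(sample)))
```

An allow-list like this belongs before the value is stored or logged; the more robust fix on the device side is to never pass the value through a shell at all.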
- vajim, Feb 23, 2021 (Master)
alokeprasad wrote: This is a rare instance when NG has documented a problem and the fix for it. Let's not fight it.
Show me where this was a problem with casualties and how they fixed it.