Netgear Orbi routers have some troubling security issues, so patch now

Netgear Orbi AX4200 RBR750/RBS750
(Image credit: Netgear)

If you own a Netgear Orbi RBR750/RBS750 networking devices, then you’ll want to make sure you’re running the latest firmware to stay clear of some pretty alarming security vulnerabilities.

Experts from Cisco Talos, ironically part of one of Netgear's biggest rivals, revealed that three of the four vulnerabilities have since been patched, including one critical issue that was awarded a score of 9.1 out of 10. 

However, one (less severe) issue remains at large.

Netgear Orbi security vulnerabilities

The most significant finding - CVE-2022-37337 - has luckily been patched. According to Talos, “the access control functionality of the Orbi RBR750 allows a user to explicitly add devices (specified by MAC address and a hostname) to allow or block the specified device when attempting to access the network.”

Many were reasonably safe from attacks because the hacker would have needed to gain access to the device, primarily leaving unprotected networks at risk, however even some protected networks may have been exposed due to weak SSID passwords.

A further two issues existed, though as above, they have been issued a patch. The fourth issue, which remains unfixed, is specific to the router node meaning that even Orbi users who have not rolled out the full mesh Wi-Fi 6 setup are at risk. The Talos summary reads:

“A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.”

Enabling automatic updates is sensible to help prevent attacks, however sometimes critical vulnerabilities come around and require a more proactive approach. Manually checking for an update can help make sure that it hasn’t been missed, or is not scheduled for a future installation.

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!