This Netgear Orbi firmware update actually locked out users

NBR750 Front & Back
(Image credit: Netgear Inc.)

Netgear has finally released a fix for a broken update that locked people out of some of their devices and forced them to commit to a factory reset.

In late April 2022, the networking gear manufacturer released firmware update 4.6.8.2 for a number of Orbi devices (RBR750, RBS750, RBR850, and RBS850), as well as mesh Wi-Fi systems. However, the update seems to have messed things up, as users soon started reporting being unable to connect to their router’s admin console, both via the web browser, and the Orbi app. 

The device still worked, as pinging the device got a response. However, being locked out of the device means users were no longer able to make any configuration changes.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Pulling the update

It took Netgear two weeks to acknowledge the mess up. In mid-May, the company released an announcement: "We are aware of an issue affecting the Orbi RBK85x and RBK75x Series Mesh WiFi 6 Systems," it said.

"Some customers can no longer access or manage their Orbi systems through the Orbi app or the web user interface. A factory reset usually resolves this issue. We are working to understand the root cause and identify an alternative recovery method that doesn't require a factory reset."

Roughly at that point, Netgear even pulled the firmware update altogether, preventing further exacerbation of the issue. After that, a new patch was gradually rolled out. 

The patch seems to have fixed the problems: "Christine here from NETGEAR. I am reaching out to confirm u/mary55330 message and note that we have had a lot of positive feedback that this fix does in fact recover the ability to access the router settings via the app and web user interface," a Reddit post by a Netgear support member reads.

Not all users will get the fix immediately. For those that cannot wait, there is a solution:

"We will be deploying the fix to the general audience in the very near future so you're welcome to wait. For those who may not want to wait, please send me your serial number via direct message and I'll have the fix rolled out to you promptly."

Netgear did not explain what caused the issues in the first place.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.