Netgear Orbi routers have some troubling security issues, so patch now

Update Netgear Orbi firmware now, and keep an eye out for another update soon

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you own aNetgearOrbi RBR750/RBS750 networking devices, then you’ll want to make sure you’re running the latest firmware to stay clear of some pretty alarming security vulnerabilities.

Experts fromCisco Talos, ironically part of one of Netgear’s biggest rivals, revealed that three of the four vulnerabilities have since been patched, including one critical issue that was awarded a score of 9.1 out of 10.

However, one (less severe) issue remains at large.

Netgear Orbi security vulnerabilities

The most significant finding - CVE-2022-37337 - has luckily been patched. According to Talos, “the access control functionality of the Orbi RBR750 allows a user to explicitly add devices (specified by MAC address and a hostname) to allow or block the specified device when attempting to access the network.”

Many were reasonably safe from attacks because the hacker would have needed to gain access to the device, primarily leaving unprotected networks at risk, however even some protected networks may have been exposed due to weak SSID passwords.

These are the best endpoint protection tools around>Netgear Wi-Fi routers need to be patched immediately>This Netgear Orbi firmware update actually locked out users

A further two issues existed, though as above, they have been issued a patch. The fourth issue, which remains unfixed, is specific to therouternode meaning that even Orbi users who have not rolled out the full mesh Wi-Fi 6 setup are at risk. The Talos summary reads:

“A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Enabling automatic updates is sensible to help prevent attacks, however sometimes critical vulnerabilities come around and require a more proactive approach. Manually checking for an update can help make sure that it hasn’t been missed, or is not scheduled for a future installation.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin