Netgear Orbi devices were found to have a security vulnerability that allowed an attacker to extract information and possibly take control of your Orbi device. Netgear has since released an update to rectify the vulnerable firmware. They are encouraging all users to update their devices ASAP.
How To Update
To download the latest firmware for your NETGEAR product:
- Visit NETGEAR Support.
- Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model. - Click Downloads.
- Under Current Versions, select the download whose title begins with Firmware Version.
- Click Download.
- Follow the instructions in your product’s user manual, firmware release notes, or product support page to install the new firmware.
Impacted Devices
NETGEAR has released fixes for a sensitive information disclosure security vulnerability on the following product models:
RBW30, running firmware versions prior to 2.6.1.4
RBS40V, running firmware versions prior to 2.6.1.4
RBK752, running firmware versions prior to 3.2.15.25
RBK753, running firmware versions prior to 3.2.15.25
RBK753S, running firmware versions prior to 3.2.15.25
RBK754, running firmware versions prior to 3.2.15.25
RBR750, running firmware versions prior to 3.2.15.25
RBS750, running firmware versions prior to 3.2.15.25
RBK852, running firmware versions prior to 3.2.15.25
RBK853, running firmware versions prior to 3.2.15.25
RBK854, running firmware versions prior to 3.2.15.25
RBR850, running firmware versions prior to 3.2.15.25
RBS850, running firmware versions prior to 3.2.15.25
Security Vulnerability Disclosures
| CVE-2021-29082 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3… | Tue, 23 Mar 2021 04:02:27 |
| CVE-2021-29081 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before… | Tue, 23 Mar 2021 04:02:14 |
| CVE-2021-29080 | Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, … | Tue, 23 Mar 2021 04:01:53 |
| CVE-2021-29079 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.1… | Tue, 23 Mar 2021 04:01:40 |
| CVE-2021-29078 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.1… | Tue, 23 Mar 2021 04:01:27 |
| CVE-2021-29077 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RB… | Tue, 23 Mar 2021 04:01:05 |
| CVE-2021-29076 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.1… | Tue, 23 Mar 2021 04:00:39 |
| CVE-2021-29075 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.1… | Tue, 23 Mar 2021 04:00:22 |
| CVE-2021-29074 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.1… | Tue, 23 Mar 2021 04:00:08 |
| CVE-2021-29073 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6… | Tue, 23 Mar 2021 03:59:54 |
| CVE-2021-29072 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK… | Tue, 23 Mar 2021 03:59:24 |
| CVE-2021-29071 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK… | Tue, 23 Mar 2021 03:58:55 |
| CVE-2021-29070 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK… | Tue, 23 Mar 2021 03:58:40 |
| CVE-2021-29069 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and W… | Tue, 23 Mar 2021 03:58:23 |
| CVE-2021-29068 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R70… | Tue, 23 Mar 2021 03:58:11 |
| CVE-2021-29067 | Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK8… | Tue, 23 Mar 2021 03:57:47 |
| CVE-2021-29066 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12,… | Tue, 23 Mar 2021 03:57:26 |
| CVE-2021-29065 | NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass…. | Tue, 23 Mar 2021 03:57:13 |
