Friday, September 13, 2024 • Welcome to the 💯 Nonsense-Free Zone!
🛍️ Today’s 🔥 Deals on An image of Amazon logo🛒

Quietly, Netgear Kills Web-based Remote Management, Pushes Mobile Apps in a New Unsavery Trend

Share what you're reading!

Here’s some upsetting news for those who use Netgear home Wi-Fi routers. As it turned out, the networking vendor has been quietly killing off useful features from its networking devices.

Over the years, the company has slowly been removing non-essential features such as QoS and Parental Controls from its web user interface on new devices, favoring its subscription services.

Most recently, though, the web-based Remote Management feature has fallen victim to this practice—even retrospectively via firmware updates. And for advanced users—I count myself as one—that’s a real deal-breaker.

If you’re a Netgear fan, get yourself prepared for potential unpleasant surprises. Things that you’ve grown used to in your beloved router might change dramatically after a firmware update.

I first noted this when reviewing the WAX204 back in March 2021 but assumed its case was a one-off. However, when testing the latest flagship Orbi RBKE960, which also doesn’t have this feature, it became evident that this is a deliberate and systematic move.

I reached out to Netgear, and the company confirmed that it has been phasing out this feature entirely, including from devices that originally had it.

Orbi Web based remote management
Here’s the Web-based Remote Management section within the interface of an Orbi router—when still available. Note how you can change the port number to make it more secure.

So what is Remote Management anyway?

Web-based Remote Management is a valuable feature that allows users to remotely access a router’s web interface the way they do locally when at home.

It’s also available in other networking brands with different names, such as Remote Access, Web Administration, Web Acess from WAN, etc. In other words, it’s common. Advanced users generally expect and assume that it’s there.

Suppose you’re traveling and, for some reason, need to change your home Wi-Fi settings, restart your router, block a device, or even wake up a local machine via Wake on LAN. That’s where remote access comes into play.

Remote Management allows you to do that using the web browser of any Internet-connected computer or a mobile browser on a phone/tablet, even when you’re out and about. It’s like you’re there physically. It’s a crucial feature for anyone who manages an advanced network, professionally or for personal needs.

Most importantly, this remote administration feature works with Dynamic DNS to give you complete control of your home network via the router without any intrusive involvement of a third party. You won’t need a login account with the vendor, etc.

Remote Management is generally turned off by default. I wrote about how to turn it on and use it securely in this piece on DDNS.

Dynamic DNS: What it is and why it’s a valuable feature

What did Netgear do exactly, and why?

The company didn’t make any announcements or provide any guidelines. Instead, Netgear excludes the web-based Remote Management feature of its new routers starting in late 2020.

Furthermore, it also removes this feature on existing Orbi and Nighthawk routers via firmware updates, including gaming routers running DumaOS, like the XR1000 or XR500.

There’s no specific timeline for every affected model, but according to Netgear, the Orbi RBK750 series and Orbi RBK850 series lost this feature when upgraded to firmware ver. 4.6.3.7 and ver. 4.6.3.9, respectively.

In both cases, the removal of the feature wasn’t spelled out but labeled as:

“Fixes security vulnerabilities.”

It’s important to note that I reviewed these two models and most other Netgear routers when they still had Remote Management, which played a part in how I rated them.

The Orbi RBKE960 and WAX204 were the only two in which I experienced the lack of this feature during the testing.

You read it right. This feature, if disabled, which is the default on existing routers, will be removed when you upgrade the router to the latest firmware.

In other words, on routers that have this feature, you must use it if you want to keep it. And that was also the reason why its removal came as a surprise since I had always used this feature in all (Netgear) routers when available.

Below is the statement on the matter that Netgear provided me earlier this week on the matter:

“For any existing Orbi and Nighthawk product where the Remote Management feature is currently disabled, we will remove the ability to enable the feature. If an existing user previously enabled Remote Management, we will leave the support as enabled.

By turning on the Remote Management feature, a user will expose their router’s Web interface to the entire outside Internet. Although Netgear attempts to make our web interface as secure as possible, there is always the possibility of new security vulnerabilities being discovered.

If a vulnerability related to the web interface is found, the level of risk to a customer with Remote Management enabled is much higher as that vulnerability can now potentially be exploited from anywhere on the outside Internet, rather than from just within their local LAN.

Netgear now offers remote management capabilities via our Orbi and Nighthawk mobile apps, which use a much more secure mechanism of accessing the devices and does not require opening a port to the external Internet.”

So, Netgear cited the reason for the removal as a “security” matter. And it kind of had a point. Or did it?

Years ago, when the cyber world was still naive, innocent, and kind, the Remote Management feature was turned on by default with its default settings.

The engineers at the time were too excited about how helpful (and cool) it could be and never thought of how bad guys could take advantage of it.

That, plus the router’s known default username and password, make Wi-Fi 4 and older routers easily vulnerable to malicious parties. On top of that, firmware vulnerabilities are real.

In 2020, Netgear was one of few networking companies that had to deal with an onslaught of bad press about the security issues on its old, largely obsolete Wi-Fi routers, mainly because some media outlets sensationalized the “security” issue—many still do—for views and clicks. I wrote a piece on this matter.

Router vulnerability: It’s real and how to overcome it

But for years, security on modern home routers has been significantly tightened. In most, if not all, cases, a router won’t even connect to the Internet unless you change the default password. And remote access has always been turned off by default.

Sure, having this feature is like having another door susceptible to being left open by mistake or misuse. But that would be on the user, not the vendor.

A car company should not be held responsible if somebody messes up your car because you leave the door unlocked, so to speak.

In any case, I find Netgear’s drastic move on this front a bit unnecessary and doesn’t make sense if you think about it.

Why remove something when it’s already disabled? If security were indeed an issue, Netgear would pay attention to the cases where this feature is being used.

And it seems even more sinister considering what the company offers as the alternative.

Nighthawk web based Remote Management
The Web-based Remote Management section of a Nighthawk router, when still available

A big move in mobile app coercion

For over a decade, Netgear has made the mobile apps—the Orbi and Nighthawk apps for its Orbi mesh and Nighthawk routers, respectively.

Initially, the apps were optional. Users can choose to use the app or not. They can fully manage the router using just the local web interface.

The web interface doesn’t require a login account, allowing consumers to use a Netgear router completely independent from the vendor.

On the other hand, the apps require a Netgear login account, posing potential privacy risks. I wrote more about that in this post on mobile apps vs. web interfaces.

Router management: Web user interface vs. mobile app

Later on, in early 2019, Netgear started to add premium features that require the mobile app, starting with Armor protection which costs some $70/year.

Since then, it has gradually removed the once-free and helpful features from the web interface, including VPN, QoS, and Parental Controls, and offered them via new tiers of paid subscriptions. Over the years, the company has managed to hollow out its once-rich local web interface.

And now, with the removal of Web-based Remote Management, the Orbi or Nighthawk apps are the only way users can manage their home network remotely. It’s the most significant act of app coercion.

That said, security or not, Netgear is the only one that stands to benefit from this development. The more users who use the apps, the more likely it can nickel-and-dime them, not to mention the valuable data it can collect from its users via the required login account.

Privacy is a matter of degree—here’s Netgear’s privacy policy.

Your router and your privacy: Why you should care

Netgear Orbi 960 Advanced Settings
Here’s the Advanced Settings section of Netgear’s most expensive home Wi-Fi solution, the Orbi RBKE960. Note how the Remote Management feature is no longer available.

The takeaway

If you don’t use or haven’t heard of Remote Management, this doesn’t affect you.

And for now, you can still use the local web interface to manage Orbi or Nighthawk routers, albeit you might note that they’ll have fewer and fewer features.

That might change, however. The way Netgear has been acting on this front suggests that it may remove even more functions of the web interface or even the interface itself entirely.

For those who rely on this remote access to manage their home or businesses, this is upsetting—they no longer can count on new Netgear routers on this front.

This deliberate removal seems self-serving, and Netgear’s security rationale appears disingenuous. After all, the company still supports this feature on existing routers with it turned on.

Most disappointingly, Netgear seems to have started embarking on a new path in which it values the bottom line more than the experience of its loyal users.

This type of “bait and switch” practice, and the lack of transparency in going about it, make it hard for me to trust Netgear, once one of my favorite home networking brands, going forward. It’s sad.

If you’re using an older Netgear router that comes with Remote Management—those that came out in 2020 or earlier all do—and want to use this feature at some point, make sure you turn it on before updating the firmware. You can always turn it off later.

Looking for a new router today? It might be a good idea to consider a different networking brand instead.

Share what you just read!

Comments are subject to approval, redaction, or removal. You're in the no-nonsense zone and that applies BOTH ways.

It's generally faster to get answers via site/page search. Your question/comment is one of many Dong Knows Tech receives daily.  

  1. Strictly no bigotry, falsehood, profanity, trolling, violence, or spamming, including unsolicited bashing/praising/plugging a product, a brand, a piece of content, a webpage, or a person (•).
  2. You're presumed and expected to have read this page in its entirety, including related posts and links in previous comments - questions already addressed will likely be ignored.
  3. Be reasonable, attentive, and respectful! (No typo-laden, broken-thought, or cryptic comments, please!)

Thank you!

(•) If you have subscription-related issues or represent a company/product mentioned here, please use the contact page or a PR channel.

25 thoughts on “Quietly, Netgear Kills Web-based Remote Management, Pushes Mobile Apps in a New Unsavery Trend”

  1. Hi Dong, as your opening statements say, this is a lot of tough news for fans of Netgear. Ever since I first went from Dial-Up to DSL, I have used Netgear Routers and almost always was quite happy with them. Programming/Administering them from a browser was fairly simple. Even when I had some issues getting certain pieces of equipment to connect, I could usually find a setting to change and voila, connection. I don’t really use the features mentioned in this article. But the whole mindset to take things away is a poor way to do things in the tech world. So, as mentioned in my other comment to you, I will be steering away from Netgear and probably go with Asus. Now I just have to figure out which one I want to go with. But I am leaning towards the RT-AX88U Pro for a few reasons, including it’s fairly new release date. The RT-AX86U might work fine for my needs, but it’s been around for about 5 years already. I see the RT-AX88U Pro on Amazon for $239.

    Reply
    • Count me in as one of those fans, John. It was really upsetting since we’ve used so many Netgear routers over the years. But you’re in for a nice surprise with the Asus. Take my word for it. 🙂

      Reply
  2. I recently bought a Nighthawk RS700 before reading your article. It replaced an ASUS router that was flaking out and dropping 2.4G clients.
    Had I read this article I would’ve never bought this brand. Oh well,
    I’m stuck with it for the next few years.

    Reply
        • Not with hardware released after Netgear’s decision to kill the feature — virtually all since late 2021.

          Reply
          • I have an R8500 Nighthawk and am still able to remotely admin it because I always had the option enabled. The day they kill it for me is the day that router goes in the garbage.

          • Hi I’m not sure what happened, but within the last month, on my Orbi RBR40, I can connect to “Anywhere Access” and manage individual devices remotely. It’s awesome. But there was about a 2 year gap where I could not do this.

          • Not as awesome as being able to do it via the web UI, Steve. There’s little you can do via the app.

  3. I have an Orbi RBR40 router with three indoor satellites and an outdoor satellite (stored in garage). My system has been great for five years and used remote management to turn off kids devices while I was traveling. I always used it and up until a year or so ago, it was fine. I never disabled it but am running v2.7.4.24 and cannot use the service any longer. They want me to download circle app and pay $9.99 / month to do the same thing. So lame. Any other options? I’d be interested in switching systems out of principle.

    Reply
  4. Dong,

    You confirmed what I feared, i.e. Netgear removed remote management from their popular routers. I just spent over an hour on my Nighthawk mesh MR70 trying to enable remote management, including searching the Internet for ‘How to do”. Previous (even cheaper routers) have it but now it disappears in Netgear?! Thankfully I found your article that confirmed my suspicion. After so many good reliable years with Netgear, we must get the word out to avoid their products. Your note about the deception (i.e. hiding what they did) is a red flag for potential users.

    Reply
  5. Thanks for the info. Will never be buying Netgear routers in the future. They have gone full Marxist/Commie…

    Reply
    • I hear you, Jonathan, but, to be fair, that’s a little harsh on the Commie or Marxist, if not entirely inaccurate. 🙂

      Reply
  6. Good info. Thank you. I’ve recently started using the app and was shocked to see that it connected via Anywhere Access to an older R8500 outside of the local network. Remote Management is turned on for that router so I still have the option. I figured if I turned it off the app wouldn’t be able to access it via Anywhere Access, but it does! That scares me. I’m not sure how Netgear is doing it. The app must be bypassing admin/pwd credentials???

    Reply
    • The vendor can have some sort of (local) backdoor to their product, Mike, for setup purposes. That’s not surprising. You must have been in the same network as that R8500 at some point and might have accidentally added it to your account.

      Reply
  7. Many Thanks for this great information and clear explanation. I went looking for Remote Management on my Netgear AC1750 R6400v2 router and could not find it anywhere using my web browser as I always do. I had not turned Remote Management on, so now it is gone. Even the Netgear user manual on Netgear’s sitedoes not mention this change (of course it was written in December 2016).

    Reply
    • Sure, G. You might be able to get it back (not guaranteed) by flashing an older firmware on it. Then turn the feature on before updating the router to the latest version.

      Reply
  8. Thanks for this info. I use remote management all the time. Guess I won’t be purchasing Netgear routers in the future.

    Reply
  9. It becomes simple to switch to a Company who is competent and can make web access via remote management secure enough. This is blatant incompetency on Netgear’s part. Another way is to have a low powered device like Raspberry Pi or Intel Nuc running 24×7 and use freeware Wireguard based VPN like tailscale to set up a static route to your router’s LAN. So when outside home LAN, fire up Tailscale app on Android or iPhone and simply type router’s LAN IP in browser and access it remotely. Plenty of articles on Tailscale to make it work. Very easy too.

    Reply

Leave a Comment

📌