NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Sprucan's avatar
Sprucan
Aspirant
Jul 18, 2022

Orbi RBR50

Basic question - why is there no secure login when I access my Orbi router? When I try to use HTTPS, it defaults to "non-secure." I don't want to change PW, etc. via a non-secure connection. What am...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Jul 19, 2022
ekhalil wrote:

In the Orbi AX routers there is an option under >> Advanced >> Advanced Settings that's called HTTPS where you can activate https.

I gues this was also introdcued in the original Orbi as well? I don't currently have access to my RBR50 router, can you please check. 🙂

Yes. It is on the Advanced Tab, Advanced Settings.

 

Web browsers will complain about the SSL certificate being self-signed.  If you click the option to "go there anyway", the browser will remember and not complain again.

 

Sprucan's avatar
Sprucan
Aspirant
Jul 28, 2022

Web Services Management is there but grayed out.

I can't click on it to make the change.

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Jul 28, 2022

    Well, how fun.  Remains there on my old RBR50, but grayed out on a newer AX.  One would hope for at least a little consistency in the firmware.

     

    The reason most of us are not hyper paranoid about the web administration not being SSL is because the communication takes place entirely within the LAN.  It is technically possible for someone to snoop on a WiFi network and collect packets to crack the WPA2 encryption code.  This article explains the process: https://www.howtogeek.com/202441/your-wi-fi’s-wpa2-encryption-can-be-cracked-offline-here’s-how/ 

     

    Notice the comment that it may take "years" to crack a 20 character WiFi password.  So, someone has to be close enough to snoop on your WiFi to gather a four-way authentication.  Go off somewhere to try every possible password against it until they find one that works. Then return and sit collecting your WiFi traffic until you do something sensitive (like entering or changing the router password using http).  Everything else that goes across the WiFi is probably SSL encrypted or video files.

     

    In other words, I am a million times more paranoid about someone coming in and pyhsically stealing all my computer equipment than I am about someone nabbing a router password entry.

     

    All that aside, I agree 100%.  The option is there. Netgear should let the customer set the damn thing.