NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

brianld's avatar
brianld
Apprentice
Oct 19, 2023

Unrestricted access to router admin UI

This is an odd one that I can't seem to pinpoint:

 

1. Reset entire system to factory defaults.

2. Set up the system again.

3. Establish admin password, as required.

4. Login to Router Admin page (192.168.1.1) using password set initially in step 3.

5. Click logout in upper-right corner.

6. Open ANY browser on my local network (connected to my "main" wifi SSID).

7. Navigate to Router Admin page (192.168.1.1).

8. Voila, automatically logged in with unrestricted admin rights, no password asked for.

 

I have tried from multiple computers (with diff IPs obviously), multiple browsers on same computer, incognito mode browser on multiple computers, browser inside my Win11 VM, etc.  All seamlessly able to administer the router without the password.

 

I have the IoT network and Guest networks enabled.  Can replicate this unrestricted access on the IoT network.  Cannot access 192.168.1.1 at all from Guest network, so one could argue this isn't a huge security issue.  Thought maybe it was because I had the Guest network enabled ("trust anyone on my own private network"), but that doesn't appear to be the case as I disabled the Guest network and the issue is still present.

 

Apparently I got a "special" Orbi 970 if no one else is seeing this same behavior!  Scratching my head.

11 Replies

Sort By
  • FURRYe38's avatar
    FURRYe38
    Guru
    Oct 19, 2023

    How soon are you logging out then back In to the RBRs web page? 

    Does your browser save the log in info and password as well? 

    • brianld's avatar
      brianld
      Apprentice
      Oct 19, 2023

      I've gone over an hour between login attempts and am still able to login.  Have logged in from my primary machine, logged out, went and started up my son's computer, went to 192.168.1.1 and was in without even being prompted for credentials.

      • FURRYe38's avatar
        FURRYe38
        Guru
        Oct 19, 2023

        Something you might submit a support ticket about. Something I've not seen with my system. 

        Straq 

  • Dfran1's avatar
    Dfran1
    Apprentice
    Oct 20, 2023

    WOW  ,  I have been in and out of my 970 system many times with my mac mini, chrome book, and iPhone safari ....

    Always a pop up to type user and password.

     

    With that other white light problem , I would have to say you have defective equipment , BUT that is just my opinion 

    • brianld's avatar
      brianld
      Apprentice
      Oct 20, 2023

      Dfran1 yeah, it’s the weirdest thing. And quite concerning. Also surprised that no one else has seen the same behavior. 

      • FURRYe38's avatar
        FURRYe38
        Guru
        Oct 20, 2023

        Just because one user sees a problem doesn't mean others should see same thing. Possible this users unit is just faulty or in a bad state. I've not seen this ever since day one on mine. I get the log in windows each and every time I go to the routers web page.