NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RAX120 login exposed?
I have checked the router setting for port forwarding / triggering, disabled remote management, etc. However the router's login prompt is accessible external using HTTP (not https though). Using http:...
You are logging into the router not an internet site its not such a concern, its been like this for years. If it was a banking site it would be different but its directly into the machine and with a strong password it is secure. HTTPS would be an improvement never the less.
- What? That does't make any sense....Having the login prompt for the router exposed to the internet is a serious and significant concern when remote management is off. Not only is it HTTP (which is insecure and easily sniffed) it allows anyone the ability to brute Force the router and gain access over time. That URL should not be accessible from any device anywhere on the internet. It should be blocked by default. I also was able to verify this on a RAX80 router as well.
Straitpipe wrote:
Having the login prompt for the router exposed to the internet ....It isn't. See above.
"You are logging into the router not an internet site...."
- I know where the login is going. Remote management is disabled so access to that URL shouldn't be available remotely....even if it was it should be on ssl...no router makes access to it's admin interface available externally by default. (Cisco, D-Link, etc). That is a very bad practice. That being said and ignoring our differences on secure administration, how do I disable it?
