Straitpipe
Nov 14, 2019 Tutor
RAX120 login exposed?
I have checked the router setting for port forwarding / triggering, disabled remote management, etc. However the router's login prompt is accessible externally using HTTP (not https though). Using http:...
Straitpipe
Nov 15, 2019 Tutor
What? That doesn't make any sense.... Having the login prompt for the router exposed to the internet is a serious and significant concern when remote management is off. Not only is it HTTP (which is insecure and easily sniffed), it allows anyone the ability to brute force the router and gain access over time. That URL should not be accessible from any device anywhere on the internet. It should be blocked by default. I also was able to verify this on a RAX80 router as well.
michaelkenward
Nov 15, 2019 Guru - Experienced User
Straitpipe wrote:
Having the login prompt for the router exposed to the internet ....
It isn't. See above.
"You are logging into the router not an internet site...."
- Straitpipe Nov 15, 2019 Tutor
I know where the login is going. Remote management is disabled so access to that URL shouldn't be available remotely.... even if it was it should be on SSL... no router makes access to its admin interface available externally by default. (Cisco, D-Link, etc). That is a very bad practice. That being said and ignoring our differences on secure administration, how do I disable it?
- Killhippie Nov 18, 2019 Prodigy
Believe me I am with you on HTTPS, but as far as I know you can't, https works with some models but mostly messes up. I would do what many of us have been doing for years and mention this to Netgear and wait for nothing to happen. At the end you can use .com or 198.162.1.* whatever * is, either default or what you have changed it to. For now it's the best you will get, and it's not considered by Netgear to be a problem... it's been the same for years sadly as you can see here.
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Unencrypted-dashboard-Login-No-https/td-p/1380777
- Killhippie Nov 18, 2019 Prodigy
Asus have HTTPS but you are still logging into your router like logging into a printer, not an internet site, and with a strong password you should be fine. You are using a browser to log into a router's GUI, not Amazon. Even though I would still prefer HTTPS.