idlacrosseplaye (Tutor)
Aug 03, 2020
RAX80 admin accessible from public IP??
I use a domain name to access servers and VMs behind my Router (RAX80). I do NOT allow remote management.
Turns out that, for who knows how long, the default response from port 80 appears to be the admin login window to the Router admin console... I had to manually set up a port 80 forward to an IP that doesn't exist in my LAN.
Is this expected behavior? This sounds like a major security concern, trusting the Firmware of a router to the public domain...
4 Replies
- Christian_R (NETGEAR Employee Retired)
Hi idlacrosseplaye,
I'll forward this to our product teams for further review. I'll be sure to reach out if further information is needed. In the meantime, may you let me know what firmware version the RAX80 is currently on?
Regards,
Christian
It is now on 1.0.3.98_1.0.46
I was on 1.0.3.88_xxxxxxx if I recall.
I always test pilot your firmwares ;-)
- Christian_R (NETGEAR Employee Retired)
idlacrosseplaye,
Thanks for confirming. May you check to see if you're able to replicate the experience while on firmware v1.0.3.98_1.0.46?
Thanks,
Christian
- Lp3 (Aspirant)
idlacrosseplaye, I attempted to recreate the behavior you are describing. Please ensure that you try from another network. It seems to me that the router (knowing your public IP) does not actually direct the traffic outside of the network, but rather consumes it at the router if it does not have a directive to route it to another internal IP. Odd behavior to be certain, but not the security threat that it first appears to be. If you do manage to access it from an outside network, then this is certainly a major security flaw.
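
Added example, not part of any post in this thread: a small Python check for the comparison Lp3 describes, probing port 80 of the public address once from inside the LAN and once from another network. The marker strings and the script name `wan_check.py` are assumptions; adjust the markers to what your router's login response actually contains.

```python
import http.client
import sys

# Assumed fingerprints (not from the thread): substrings expected in the
# router's login response, e.g. a Basic-auth realm naming the device.
ADMIN_MARKERS = ("netgear", "rax80")

def classify(headers, body):
    """Label one HTTP response as the router admin UI or some other service."""
    realm = headers.get("www-authenticate", "").lower()
    text = body.lower()
    if any(m in realm or m in text for m in ADMIN_MARKERS):
        return "router-admin"
    return "other-service"

def probe(host, port=80, timeout=5):
    """GET / on host:port and classify it; 'no-response' if nothing answers."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        body = resp.read(4096).decode("latin-1")
        conn.close()
    except (OSError, http.client.HTTPException):
        return "no-response"
    return classify(headers, body)

def verdict(inside, outside):
    """Combine a probe made on the LAN with one made from another network."""
    if outside == "router-admin":
        return "EXPOSED: admin login reachable from the internet"
    if inside == "router-admin":
        return "LAN-only: router answers its own public IP for inside clients"
    return "not-seen: admin login not served on this port"

if __name__ == "__main__":
    # Usage: python wan_check.py <public-ip-or-name> <inside|outside>
    # Run once on the LAN and once from another network (e.g. a phone hotspot).
    print(sys.argv[2], probe(sys.argv[1]))
```

Feed the two printed results to `verdict()`; only the result obtained from the outside network says whether the login page is actually exposed.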