Modems/Routers : Add HTTPS when connecting to the NETGEAR Genie page

BTW I love how my post says "Novice"

I have been around InfoSec for over 20 years, spoken at some major InfoSec conferences including DEF CON and DerbyCon and am very involved in the security world. Maybe its because I usually don't post on their forums.

BTW I love how my post says "Novice"

That's down to this: Total Messages Posted 2

Hang in there and the algorithms will make your day.

Are we still waiting for a patch here?  What is the problem? Patch krack and give us an https option in the advanced menu.  Come on already.

i have 3 NETGEARS routers buyed in different times

first is WNR3500Lv2, i go to it after zyxel, dlink, tp-link, trendnet - and didn't have problem with it and !i think NETGEAR is great company! good hardware, good firmware/possibilities/friendly gui.
second is WNDR4500v2, buy it because need more throughput - 2 problems no https internal and SSL/TLS for email (after purchase support says what it's already EOL and goodbye)...
third i buy 2xR7000 i think what it's new good and etc - but again no internal https support and have some small problems.

i have 2 NAS 104 and 426, i have minor problem and same story...

in summary, i can say that the more I put money into a NETGEAR, then less I had the quality of service and things in those places where I needed it critically and asks add them.
if somebody looks this thread to select right product for home
!GO AWAY FROM NETGEAR!
if you ask NETGEAR please add support xx to help me to work with product more simpler and better, you hear answer -
"we not interesting in this way, we only remove big bugs what stops sales"
we need your money, no end user customer work...
you can buy Chinese OEM and have more, don't waste your money for service or shine frimware/nice looks site/forum.

1a) My comment is about WiFi Routers, not Cable/DSL-Modems that connect directly to the Internet. If I'm in the wrong thread, please someone, let me know?

1b) My cable modem is mine, not the ISP's. I purposely got the CM400 and will NEVER have a WiFi device directly connected to the ISP.

2) I have a 5-7 year old D-Link WiFi Router that can be administered over WiFi (ie; on local connections). Remote Administration (i.e.: over WAN) is turned OFF. I dislike that it does not allow itself to be administered using https, whether by my LAN computer or WiFi. Especially because any attempt to administer the Router (not talking about any modem) over WiFi using http results in the username and password being transmitted in cleartext.

3) I am leaving in the next few minutes to return an UNOPENED box to Frys#5. This was an impressive looking Netgear Nighthawk X4S AC2600 "Smart" WiFi Router. I downloaded and carefully searched the pdf Manual for it. I couldn't find any instructions like the very complete ones on my current D-Link Router. No way to figure out without opening the box and hooking the device and going through all its menus. Which I will not do. I need to know before I am stuck with something. I am just surviving on SS.

4) Additionally, I want a device that gets REGULAR security updates as hacks are discovered, like my Ubiquity wired ER-X, that I'm getting ready to "up-flash" and put into service directly between my modem and D-Link WiFi Router. Of course, nobody will be doing that.

5) So what I really need is to have someone clue me in to any WiFi ROUTER allowing administration over https. I give up on security firmware updates. I don't even care if I have to fall back to n300 stuck on 2.4GHz. I want SECURITY over ANY "feature".

1a) Again, if this thread is mostly about MODEMS then someone please ... well, "tell me where to go"? I know, leaving myself open with that one.

Thanks to anyone who read this. I can only wish I knew enough to contribute to the group.

DrWattsOn

Any update on this? I would think this would be a high priority update?

Thanks!

BTW, using Netgear Router R8500

I have problem with my !RN426! for 3 months, and at end of support !L3! says me !We Test Your Defect on !RN526! and all works good!

I think what httpS will never be added...

Bitdefender is saying any router without https authentication is a high security risk.

I just scanned my network with bitdefender home scanner to see if any of the myriad of devices I have in my smart home is a security risk.

To my suprise everything is good except my Nighthawk c7000 cable modem router. Bitdefender says it is a high risk becauses it uses http 

instead of https for authentication. Bitdefender tells me I need to upgrade my router firmware. (This is not an option on the combo product, as only the ISP can 

push through firmware upgrades.) 

Reading this thread, is it safe to assume that Netgear still doesnt use https for authentication?

It's not ok no matter what anyone says. Malware can scan your network and play man-in-the-middle to steal passwords sent in open text to your .1 router.
The easy fix to this is make the default login http, and give an option (that notifies about browser cert wanrings that you can ignore) in the advanced menu, for people that understand what they are doing.

New Netgear devices are moving to https.

The browser/genie interface is local, not some website out in the internet. It takes some effort to attack your router from the outside world.

Remote access does use https.