Modems/Routers : Add HTTPS when connecting to the NETGEAR Genie page

Any confirmation on whether any older models will get the https interface? 

Kind of responding to this and several other very similar threads on this forum I came across covering many netgear routers.

No router software newer than lets say... 2010?.. just to pick a number, should even have plaintext anything as an option for communicating with a router's admin interface / OS, period. This is _basic_ security. Anything made within the last several years should support HTTPS using TLS 1.1-1.3 (no SSL) for admin interfaces.

Saying the local network is secure by calling it "internal" or "inside" or whatever word you want to use as if it is some magic wand that solves all security problems, is simply ignorant and in the case of a developer working on router firmware saying it, irresonsible, even negligent. WPA2 is quite crackable these days, and it has never been sure-fire. Wireless networks are fundamentally insecure by their very nature. There is _no_ excuse whatsoever for current router firmwares not having at least the _option_ of turning on https (and optionally ssh) for management and disabling http/telnet/plaintextwhatever.

And given that it is trivial to implement given the toolsets/packages/etc. available today, I'm really not sure what is preventing Netgear from keeping up with basically every one of their competetors on this point? Its very perplexing as a consumer to spend a few hundred dollars on a crazy gaming router (R9000 in my case) only to find that it doesn't even have industry standard basic minimum security features... in 2018.

Seriously, what is the actual deal?

---

AlphaBravo88wrote:

Hi NETGEAR,

 

I have recently configured a few different NETGEAR ADSL Modems/Routers, to be specific the D6400 and DGND3700v2, but both of these don't appear to support a HTTPS connection to the NETGEAR genie web page. As far as I can tell from browsing all the links and sub links, you don't even have a setting to enable this. The only reference to HTTPS in the User Manual is to enable HTTPS for remote connections from the Internet (Manage the Modem Router Remotely, Page 244).

 

Would NETGEAR look at intergrating this in the next firmware release to improve security on your device?

 

Thank you in advance for taking the time to respond to my question, it is most appreciated.

 

Regards

---

I made all the comments about how any malware can snoop on plaintext traffic in a network and grab the password. 3 things should always be an option for routers. They don't seem reasonable. 

1. Https available

2. Changing the user name from admin 

3. Change the port used ex.(https://192.168.1.1:5000)

Then basic security is achieved.

Another vote for https

Hi Everyone,

Thank you for suggesting the HTTPS feature. Your idea will be reviewed for consideration. :]

- Jason N

This is already happening.

Some newer devices already use https. And Netgear has said that it is rolling out the idea to some older devices. (Unfortunately, I can't find the message reporting this.) But don't expect it to make it to EOL stuff.

Nighthawk R7000 is old device ? EOL ?

Netgear has replaced the Nighthawk R7000 with the R7000P.