NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Status:
Engineering Investigation
Modems/Routers : Add HTTPS when connecting to the NETGEAR Genie page
Hi NETGEAR,
I have recently configured a few different NETGEAR ADSL Modems/Routers, to be specific the D6400 and DGND3700v2, but both of these don't appear to support a HTTPS connection to the NETGEAR genie web page. As far as I can tell from browsing all the links and sub links, you don't even have a setting to enable this. The only reference to HTTPS in the User Manual is to enable HTTPS for remote connections from the Internet (Manage the Modem Router Remotely, Page 244).
Would NETGEAR look at intergrating this in the next firmware release to improve security on your device?
Thank you in advance for taking the time to respond to my question, it is most appreciated.
Regards
55 Comments
Delete
Just checked, and it was not added to the latest firmware V1.3.1.64_10.1.36
- It seems to me that several years of requests from informed users should be sufficient to prompt Netgear to implement HTTPS in their routers. If these arguments aren't most modern browsers simply refuse to connect to HTTP sites or they make you jump through all sorts of hoops before they will connect. It's time for NETGEAR to get into the 21st century on this and implement the feature. What will it take? An act of Congress? With security the problem that it is, it might come to that.
It's very simple to add a self signed cert and let users choose http or https. On the https page the browser will give a warning saying unknown certificate authority. You just proceed anyway.
Or...buy a cheap Comodo cert and keep it in the devices. Firefox, Edge, & Chrome accept Comodo certs
You can download xca and make your own
We need an https in our device, for what we already paid!
Wow. Want to see what direction Netgear is going in? I bought the RAX80 AX newest router (which by power and range is actually quite good) and have now found out that it only works when UPnP is enabled!
Yep. I haven't had that garbage turned on for years and it's a confirmed bug now in multiple firmwares.
Check out my new post which details why UPnP is so dangerous.
Just bought my first Netgear router for over $400 and I was shocked to discover that it is not even an advanced option to enable HTTPS for the LAN admin interface. Every other router I've used over the years has supported this.
I just purchased the Netgear Nighthawk AC1900 R7000 and couldn't figure out why I couldn't connect to the router over https. It only supports http for local administration (with no way to disable), and can not limit to "wired" connections. In addition, it proudly displays my credentials in plain text on the http rendered interface (wireless setup page). Thank goodness for return policies.
The router came with firmware 1.0.9.88_10.2.88. The setup wizard was a good experience, telling me there was no firmware update available, which was a lie (the router automatically updates by default). I was able to update to 1.0.11.100_10.2.100 hoping it would have some additoinal features. No luck.
Considering this thread was opened 4 years ago, I guess that tells us about their stance on security.
Yes, it does. That's why I've relegated mine to being an access point and have installed a generic box (Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core) running op sense firewall. opnsense is open source, has regular updates and there was only one small fee to get regular suricata intrusion detection updates.
