Two things I immediately notice Netgear does wrong that should be improved in this and all affected models currently being sold.
1) HTTPS login to router does not work. Not using "routerlogin.net" domain or via LAN IP. HTTPS should be an option at the very least. Ideally, ability to also disable HTTP login. HTTPS is a no brainer in modern hardware. There's no cost to doing this right execpt a little better programming on the part of the firmware engineers. Yes, even a local untrusted SSL certificate is better than HTTP. Reason: HTTP passwords are sent plain text. Meaning they can be easily revealed by anyone using Wireshark or the like. Also, anyone who allows remote mamagement using HTTP is at risk.
2) Why are wifi passwords listed in plain text when logged into admin GUI? I know the answer is because the average consumer forgets them and allowing them to easily see these passwords in the interface resolves support calls quickly. Great, but poor security especially with these new GUI models that plainly scroll the wifi passwords across the main screens. At the very least show the password as stars (not readable using typical tools such as NIRSOFT Asterik revealer) and if the user wants to see their wifi password make them type in the router admin password again. This way if I have someone looking voe rmy shoulder while administering one of these units I can not worry about easily revealing the wifi passwords.
I hope someone from Netgear looks here and takes this into consideration. I shouldn't need to purchase a commercial AP for every SOHO or SMB that has more basic wifi needs.
Hi, I was just looking to see where I could post (in the hope that Netgear would do something about it) the issue with the password in clear text on the gui! I can't understand how that can not be an issue, log on to the gui and the first thing you get is a screen with the ssids and passwords. It really needs to be sorted out. I have some other concerns too.. I can't tell from the gui whether a wireless client is connected to the base wireless zone or the guest zone. I dont care too much about the guest zone but I need to know if someone gets onto the base.. but.. no way to tell?? I would like to set up some blocking rules etc in the router, ok fine I can do that, but it seems I need to have the IP address of the clients? So, I have DHCP and then I need to fix all the client IP addresses so that I can define rules for them? I agree with your comment, there is not much thought of security (but the firewall does seem to work ;-) ) Like you I hope netgear sees this and decides to fix some of these issues that kind of mess up what seems otherwise to be a good product.