- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Option to disable UPnP for GC110/GC110P/GC510P/GC510PP when local management only is enabled
Currently (firmware version 1.0.5.27) GC110/GC110P/GC510P/GC510PP does not allow to turn off UPnP even when local management only ("Direct Connect Web-browser Interface (Local LAN Only)") is enabled.
This poses a security risk because this switch could be deployed to environment that is open to public and allow whatever user on the network to peek network infra details, including device name, IP address, manufacturer, model, and MAC address. This allows malicious user to find an attack vector.
Netgear Support team mentioned that UPnP cannot be disabled because it has to be visible to Netgear Insight App to discover the switch. However documentation says: "Direct Connect Web-browser Interface (Local LAN Only)- In this mode, the device can be managed only while on the local LAN, using a PC to access the web-browser management interface. ... Management using the NETGEAR Insight App is disabled." Apparantly when user choose local management specifically, there's no point for UPnP to be alive and discoverable by Insight App.
Please fix this security risk soon.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.