I own a R8000P router. I have it specifically set up to NOT allow Remote Management
If I type in the http://<external IP Address> from another physical location, it prompts me for credentials and then lets me in...
This should NOT happen... EVER
This being said, I just learned that my support for phone calls was only good for 90 Days...
Needless to say, I will not be purchasing another NetGear Router in the future. I am stuck with this one until I can get up the money to by a more secure router than this poorly designed product...
John P Harper
Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
Will try that... Appreciate ya pointing me to the Hot Fix.
Reading the notes... I do not think this update will fix the issue... Maybe I will get lucky... From a cyber security standpoint... The web login page should not even be accessible at all from outside unless Remote Management is specifically enabled. That in and of itself opens the router up to an attack which eventually could succeed.
Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
I have a vague recollection that something similar has come up before.
It turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy.
I'm not saying this is happening here, just that things can be a bit more complicated than is immediately obvious.
I have just failed in my attempts to break into my second network.
For research purposes, do your router's logs show any signs of this intrusion?
You say that you have not allowed remote management. Have you tried getting in through the conventional Remote Access route with the genie App? (See the manual for details of that.) That would show if the problem is dodgy security, or if that setting was not obeying your orders.
QUOTE: "turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy."
Response: I tested from a 10.x.x.x network at a different physical location when I first ran across this...
Granted... yesterday, after I applied the hot fix, it could have occurred then as I may have been on that network (192.168.x.x) as I have two different networks in to my house due to necessary business functionality so I will double check this later today when I go in to office.
QUOTE: "Have you tried getting in through the conventional Remote Access route with the genie App?"
Response: DUDE! I honestly forgot all about that as I do not use it very often... GREAT IDEA! and I will look at that...
I plan on doing a Full Scan on my external facing IP Address this weekend to see what all turns up... this should be interesting...
QUOTE: "do your router's logs show any signs of this intrusion?"
Response: Sadly... not anymore... I am a dummy and should have saved the log entry of admin logging in from external network... My initial thought on the issue was probably just a blip... reset router and wiped everything and reconfigured... While I got the page to come up yesterday, I did not attempt actual login. I will be retesting from external network today and, if the login page shows up, will capture logs. I am hoping you are right and I was on the same network after applying the hotfix and the login page does not come up...
Respectfully... and many thanks...
John P Harper
Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
QUOTE: "turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy."
Response: I tested from a 10.x.x.x network at a different physical location when I first ran across this...
Granted... yesterday, after I applied the hot fix, it could have occurred then as I may have been on that network (192.168.x.x) as I have two different networks in to my house due to necessary business functionality so I will double check this later today when I go in to office.
A 10.x.x.x network is just another local (LAN) address somewhere else. (It is one that routers sometimes pick when the setup routing detects that something else is already squatting on 192.168.x.x.) It is the WAN IP address that tells you if it is breaking any security rules.
In my test, I went from one WAN IP address and tried to break into a different IP address.
I'm not saying that what you see is no possible. I am never surprised by the security holes that people discover. It just makes sense to investigate all possible wrinkles before losing too much sleep. If using 10.x.x.x is a way around the security, then it certainly needs mending. I leave it to the network experts to fathom that one out.
