- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
NETGEAR Router Remote Management BAD
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NETGEAR Router Remote Management BAD
I own a R8000P router. I have it specifically set up to NOT allow Remote Management
If I type in the http://<external IP Address> from another physical location, it prompts me for credentials and then lets me in...
This should NOT happen... EVER
This being said, I just learned that my support for phone calls was only good for 90 Days...
Needless to say, I will not be purchasing another NetGear Router in the future. I am stuck with this one until I can get up the money to by a more secure router than this poorly designed product...
John P Harper
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
what firmware version are you on?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
V1.4.1.68_1.3.28 |
No newer firmware available according to the Management Check functionality of router
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
could be a bug. I don't have that specific router to test it on.
@DarrenM or @ChristineT any chance you guys do?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
@jpharper999 wrote:
No newer firmware available according to the Management Check functionality of router
Not always a reliable guide.
It can miss things like this:
R8000P Firmware Version 1.4.1.82 - Hot Fix | Answer | NETGEAR Support
Always better to visit the support pages for your device.
Manuals are always a good place to start.
Visit the support pages:
Support | NETGEAR
Feed in your model number and check the documentation for your hardware.
That page will also have any software, firmware and drivers for your device, if they exist.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
Will try that... Appreciate ya pointing me to the Hot Fix.
Reading the notes... I do not think this update will fix the issue... Maybe I will get lucky... From a cyber security standpoint... The web login page should not even be accessible at all from outside unless Remote Management is specifically enabled. That in and of itself opens the router up to an attack which eventually could succeed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
Updated with Hotfix...
admin page still be advertised to outside my network...
Updated my password to a very large random sequence... oh well....
such is life
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
I have a vague recollection that something similar has come up before.
It turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy.
I'm not saying this is happening here, just that things can be a bit more complicated than is immediately obvious.
I have just failed in my attempts to break into my second network.
For research purposes, do your router's logs show any signs of this intrusion?
You say that you have not allowed remote management. Have you tried getting in through the conventional Remote Access route with the genie App? (See the manual for details of that.) That would show if the problem is dodgy security, or if that setting was not obeying your orders.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
QUOTE: "turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy."
Response: I tested from a 10.x.x.x network at a different physical location when I first ran across this...
Granted... yesterday, after I applied the hot fix, it could have occurred then as I may have been on that network (192.168.x.x) as I have two different networks in to my house due to necessary business functionality so I will double check this later today when I go in to office.
QUOTE: "Have you tried getting in through the conventional Remote Access route with the genie App?"
Response: DUDE! I honestly forgot all about that as I do not use it very often... GREAT IDEA! and I will look at that...
I plan on doing a Full Scan on my external facing IP Address this weekend to see what all turns up... this should be interesting...
QUOTE: "do your router's logs show any signs of this intrusion?"
Response: Sadly... not anymore... I am a dummy and should have saved the log entry of admin logging in from external network... My initial thought on the issue was probably just a blip... reset router and wiped everything and reconfigured... While I got the page to come up yesterday, I did not attempt actual login. I will be retesting from external network today and, if the login page shows up, will capture logs. I am hoping you are right and I was on the same network after applying the hotfix and the login page does not come up...
Respectfully... and many thanks...
John P Harper
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: NETGEAR Router Remote Management BAD
@jpharper999 wrote:
QUOTE: "turned out that the claim to be calling in from outside was no such thing. Typing in the "remote" IP address worked because the "caller" was in some way on the same network. Like I said, my recollection is hazy."
Response: I tested from a 10.x.x.x network at a different physical location when I first ran across this...
Granted... yesterday, after I applied the hot fix, it could have occurred then as I may have been on that network (192.168.x.x) as I have two different networks in to my house due to necessary business functionality so I will double check this later today when I go in to office.
A 10.x.x.x network is just another local (LAN) address somewhere else. (It is one that routers sometimes pick when the setup routing detects that something else is already squatting on 192.168.x.x.) It is the WAN IP address that tells you if it is breaking any security rules.
In my test, I went from one WAN IP address and tried to break into a different IP address.
I'm not saying that what you see is no possible. I am never surprised by the security holes that people discover. It just makes sense to investigate all possible wrinkles before losing too much sleep. If using 10.x.x.x is a way around the security, then it certainly needs mending. I leave it to the network experts to fathom that one out.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more