- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
X6 R8000 Security Flaw - No Password Required via Safari
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
X6 R8000 Security Flaw - No Password Required via Safari
Issue found while using my MacBook Pro:
- macOS Big Sur (v11.1)
- Safari v14.0.2
I'm accessing my router admin page IP address via Safari and I am not prompted for the username and password. I am able to directly access the admin page. This issue is not happening in Chrome or FireFox. Or any other device. I've cleared the cache, history, and deleted the saved password to the page. Closed Safari, and reboot the laptop, and I am still able to access the page without being prompted. I even tried to log-off and close the browser, but (again) I'm still able to login without being prompted. I tried using a different user profile on my MacBook and found that the issue is tied to a single profile.
Am I missing a setting somewhere? Is this supposed to happen.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: X6 R8000 Security Flaw - No Password Required via Safari
> I'm accessing my router admin page IP address [...]
Which is what?
> [...] This issue is not happening in Chrome or FireFox. [...]
> [...] Or any other device. [...]
> [...] the issue is tied to a single profile. [...]
All that specificity, and you blame the _router_?
> [...] deleted the saved password to the page. [...]
How, exactly? _Which_ "the page"? Does the browser have saved
credentials for any related pages/sites, like, say, "routerlogin.net",
or similar?
> Am I missing a setting somewhere? [...]
Apparently, saved credentials in one user's Safari browser profile on
one computer. If you can't find them, then you might change that
password, and wait for complaints whsn the (now wrong) saved password
fails.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: X6 R8000 Security Flaw - No Password Required via Safari
The IP address is internal (i.e., 192.168.x.x) to the router (same as routerlogin.net). I've cleared any passwords linked to my router from the browser linked to that local IP or default URL. I am not "blaming" the router, I'm stating that the anomoly is occuring on a single client connected wirelessly to the router; and no matter how much I clear and change the password, the client browsers open the admin page without the password challenge.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more