X6 R8000 Security Flaw - No Password Required via Safari

android_roy
Guide

Issue found while using my MacBook Pro:

  • macOS Big Sur (v11.1)
  • Safari v14.0.2

 

I'm accessing my router admin page IP address via Safari and I am not prompted for the username and password. I am able to directly access the admin page. This issue is not happening in Chrome or Firefox. Or any other device. I've cleared the cache and history, and deleted the saved password to the page. I closed Safari and rebooted the laptop, and I am still able to access the page without being prompted. I even tried to log off and close the browser, but (again) I'm still able to log in without being prompted. I tried using a different user profile on my MacBook and found that the issue is tied to a single profile.

 

Am I missing a setting somewhere? Is this supposed to happen?

 

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 1 of 3
antinode
Guru

Re: X6 R8000 Security Flaw - No Password Required via Safari

> I'm accessing my router admin page IP address [...]

 

   Which is what?

 

> [...] This issue is not happening in Chrome or Firefox. [...]

 

> [...] Or any other device. [...]

 

> [...] the issue is tied to a single profile. [...]

 

   All that specificity, and you blame the _router_?

 

> [...] deleted the saved password to the page. [...]

 

   How, exactly?  _Which_ "the page"?  Does the browser have saved
credentials for any related pages/sites, like, say, "routerlogin.net",
or similar?

 

> Am I missing a setting somewhere? [...]


   Apparently, saved credentials in one user's Safari browser profile on
one computer.  If you can't find them, then you might change that
password, and wait for complaints when the (now wrong) saved password
fails.

Message 2 of 3
android_roy
Guide

Re: X6 R8000 Security Flaw - No Password Required via Safari

The IP address is internal (i.e., 192.168.x.x) to the router (same as routerlogin.net). I've cleared any passwords linked to my router from the browser linked to that local IP or default URL. I am not "blaming" the router; I'm stating that the anomaly is occurring on a single client connected wirelessly to the router, and no matter how much I clear and change the password, the client browsers open the admin page without the password challenge.

Message 3 of 3