Login without password + guest network access = security hole

RocketJSquirrel

Senior Member
I've found an interesting issue using the RT-N66U 3.0.0.3.162 firmware.
  1. Guest WiFi network allows web access to the router via its LAN address even when intranet access is disabled in the web UI.
  2. Sometimes I can log in to the router without being prompted for a password. It seems that if I have logged out recently, I can get right back in without a password.
Add these up and you have a security hole where a guest can access the router.

Is it just me? Or are these known bugs?
 
I've done that many times (logging out of the router and being able to get back in without needing to log in) because I only end up closing the tab and not actually closing the whole browser.

That can be a security issue at home or at work if you logged into the router and then logged out and closed the tab but left the rest of the browser running, because someone else is able to log into the router and not have to enter the login information. I'm using firmware 3.0.0.3.178.15.
 
If you log in using HTTPS the router should require credentials every time (after you close the browser window). If not, Asus has some security issues they need to correct.
 
I haven't tested that yet as I just use the normal HTTP to log in to the router.
 
If you log in using HTTPS the router should require credentials every time (after you close the browser window). If not, Asus has some security issues they need to correct.
HTTPS is supported by RT-N66U?
Please teach me how to enable it, thanks~
 
RMerlin added HTTPS access to his custom build firmware. Not sure if Asus did the same since then. You can see more about RMerlin's firmware here:

http://forums.smallnetbuilder.com/showthread.php?t=7715

In the .220 firmware, there's an "Authentication Method" dropdown in the "Administration" -> "System" tab. Haven't tested if it works, but it's there. I'm not sure when it was added, too many firmware versions *smile*.
 
