Menu
What's new
By:
Filters Better Search

Risk level remotely connecting to router webui over http?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

Axxel6307

Occasional Visitor
Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
 
Last edited:
Axxel6307 said:
...open my asus webui app to connect to my router to turn it off remotely.
Click to expand...
Turn what off? Remote access? The router (there's no option to do that)?

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
Click to expand...
Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...
 
ColinTaylor said:
Turn what off? Remote access? The router (there's no option to do that)?

Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...
Click to expand...

No, i mean shut my router off remotely using the webui.

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?
 
Axxel6307 said:
No, i mean shut my router off remotely using the webui.
Click to expand...
I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?
Click to expand...
Yes, use the OpenVPN server on the router and connect to that.
 
ColinTaylor said:
I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

Yes, use the OpenVPN server on the router and connect to that.
Click to expand...

I'm sorry you are right. I meant reboot my router. I just said shutoff for simplicity since It's another can of worms why I need to reboot it remotely lol.
Anyway, thanks for the info bud.
 
Axxel6307 said:
I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
Click to expand...

The vast majority of home routers have very poorly written web servers, which are constantly the target of attacks. Don't expose your router's webui to the Internet, you are highly likely to have it compromised. Asus for instance fixes new web-related issues every few months, and Netgear recently recommended to their users not to expose their router's WAN to the Internet as a protection against the VPNFilter malware.

Use a VPN tunnel.
 
Axxel6307 said:
Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
Click to expand...

I suggest you reflash, reinitialise (factory default) if you have been leaving your router open to WAN via the asus app for some time.
Don’t use Asus app at all and NEVER open Wan access or ssh. Use OpenVPN server access via openvpn connect (iOS/android).
Good luck if you choose to leave it open.
 
XIII said:
Why is OpenVPN safer than SSH via keys only (i.e., no password)?
Click to expand...

The openvpn code was recently audited. I don't think dropbear code ever was.

The increased security lies in the underlying code, not in the authentication mechanism itself.
 
Thanks.

Maybe I should indeed disable SSH over WAN and use it over OpenVPN instead.
 
RMerlin said:
The openvpn code was recently audited. I don't think dropbear code ever was.
Click to expand...

I'll have to thank @Xentrk for popping this thread up...

Dropbear, while not having gone thru the openvpn audit, is fairly secure - use certs, and it's very secure...
 
You must log in or register to reply here.

Similar threads

M
How to prevent being hacked again - Router & devices? 😢
2
Replies
22
Views
856
Tech9
Tech9
N
Remotely access download master?
Replies
0
Views
387
Nico3d3
N
J
Update Username/Password in ASUS Router App After changing these remotely by VPN
Replies
3
Views
1K
iFrogMac
I
Z
Asus node not connecting SOLVED.
Replies
0
Views
2K
zemerdon
Z
M
T-Mobile ASUS TM-AC1900 (RT-AC68U variant) gets WAN IP and can ping Internet but connected WiFi clients indicate no Internet?
Replies
7
Views
948
Maximum-Split-7860
M
Similar threads
Thread starter Title Forum Replies Date
Stardust NAS NTP with minimum security risk General Network Security 16
C MikroTik devices at Risk General Network Security 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 744 (members: 15, guests: 729)
Top