Security risk?

[macfan]

Even though I have "Enable Web Access from LAN" off, if I turn off the firewall and query my public IP from a remote location using curl, I get a screen saying "You cannot login unless logout another user first." (sic) More concerning is that there is a javascript array called dhcpLeaseInfo that contains a list of all my internal devices with internal IPs. At a minimum, it's a list of equipment in my home worth stealing because each IP is accompanied by the device name, iPhone, Macbook, etc.

I only turned off firewall to test a problem, but either way, this doesn't seem like a good thing.

 

[sinshiva]

i don't believe that screen is part of the actual webui, it's one of a few that show up when things aren't going right. that said, don't disable the firewall lol.

 

[RMerlin]

Even though I have "Enable Web Access from LAN" off, if I turn off the firewall and query my public IP from a remote location using curl, I get a screen saying "You cannot login unless logout another user first." (sic) More concerning is that there is a javascript array called dhcpLeaseInfo that contains a list of all my internal devices with internal IPs. At a minimum, it's a list of equipment in my home worth stealing because each IP is accompanied by the device name, iPhone, Macbook, etc.

I only turned off firewall to test a problem, but either way, this doesn't seem like a good thing.

If you disable your firewall, then everything on the router will become WAN accessible. This is normal.