
Fallen_Anjel

join:2011-04-07
Rocky Point, NY

HUGE security loophole Netgear update

I'm surprised it's not posted here yet. Thought I'd come here and see if anyone else has any problems.

Netgear just released new firmware for the v3 router and boy oh boy did they screw it up! so if you are thinking about upgrading---

*****DON'T******

I started having connection problems 3 days ago. saw an upgrade. BIGGGGGG MISTAKE!!! First off, there is no longer a PASSWORD TO LOG IN to my router. EVEN THO IT'S WPA2 SECURE! Any Tom, Dick, Harry or Sally can type 192.168.1.1 and go into my router.

Nice huh?

I happened to buy a v2 N300 off Woot.com a few weeks ago, and since I have to downgrade the v3 (which was advised on the Netgear forums), I installed the v2. STILL losing connection every now and again. Not as often, but still. I did NOT upgrade the v2 and I don't even know if there IS an upgrade. I'm following advice I found here:

forum1.netgear.com/showthread.php?t=71149

hopefully that will work.

Anyone else having problems?

Fallen_Anjel

join:2011-04-07
Rocky Point, NY

Guess no one is really concerned... LOL....

but I figured I can just hide the broadcast of the network so as to avoid the whole "open router" problem.


floydb1982

join:2004-08-25
Kent, WA

reply to Fallen_Anjel
It most likely went back to the factory defaults after you applied the firmware upgrade. That has to be what has happened. On some routers, when you apply a firmware update, in most cases the router will go back to the factory defaults. I've had this happen to me on different wired & wireless routers over the years. Every time I apply a firmware update for my Linksys E2000 the same thing happens to me and I just insert all the same settings as it had before. There is no need to make a big deal out of this.


tlhIngan

join:2002-07-08
Richmond, BC

I've yet to see a router where the default setting is to not require logging in and entering a default password. Sure it's something like "admin" and "password", but at least it asks.

This is where it just lets you in without a password at all, even if you set one, it still doesn't ask for it.


corporat

join:2012-02-15
Westbrook, CT

reply to Fallen_Anjel
The time settings are also off after downloading this firmware version V1.1.1.53; the clock (NTP) shows Dec 31 1999, affecting settings for blocking sites at different times.


Foxbat121

join:2001-04-25
Herndon, VA

reply to Fallen_Anjel

said by Fallen_Anjel:

First off, there is no longer a PASSWORD TO LOG IN to my router. EVEN THO IT'S WPA2 SECURE! Any Tom, Dick, Harry or Sally can type 192.168.1.1 and go into my router.

I wouldn't worry about that part if your WPA2 is secured. Tom, Dick and Harry will need to physically connect to your LAN or hack your WPA2 in order to connect to your router's admin page.

I know that my NetGear WND3700v2 no longer requires any login if I connect to it using my Android phone or tablet. Yours is probably a similar issue. The login page seems so easy to bypass.


jr9730inTX

@108.214.195.x

It's a concern if they have a trojan installed on the LAN PC, then they can change DNS, etc. at will


tlhIngan

join:2002-07-08
Richmond, BC

Or if you have guests suddenly plugging into your network (visiting friends, etc).


Foxbat121

join:2001-04-25
Herndon, VA

reply to jr9730inTX

said by jr9730inTX :

It's a concern if they have a trojan installed on the LAN PC, then they can change DNS, etc. at will

You have bigger issues to worry about than a simple router hack if you have a trojan on your PC. For one, it is much easier to change DNS on your PC.

Foxbat121

join:2001-04-25
Herndon, VA

reply to tlhIngan

said by tlhIngan:

Or if you have guests suddenly plugging into your network (visiting friends, etc).

What kind of friends is that? My friends don't mess around with my network.

Anyway, anyone tried to use an Android Phone or tablet to access the router's admin page?


dbiz

join:2000-01-29
Reno, NV

reply to Foxbat121
Foxbat, the problem is that WPA2 makes no difference because one does not have to be logged into your network to access the modem. They merely need to go to 192.168.0.1 or 192.168.0.1. If you cannot set and require a password, that unwelcome party can then go to the manual wireless setup page and see the network names (when not broadcast) and the passphrases you have set to enter your WPA2 networks.

I am absolutely incredulous that Netgear could make an error like that.
--
Sprint cellphone (Sanyo 8400) & Charger Cable.



DOCSISman

@comcast.net

There is a new update for WNR2000v3 which directly fixes this reported issue.

Additionally, a factory default reset will also fix the issue with the previous .58 release. It also "fixes" a whole host of "other" reported issues.

It looks like the .58 release is a completely new code rewrite, and it looks like NETGEAR has been pretty specific on the WNR2000v3 support page for the firmware that you should make sure to reset to factory defaults after the upgrade.



dbiz

join:2000-01-29
Reno, NV

reply to dbiz
I must correct my comment. 192.168.0.1, www.routerlogin.net or www.routerlogin.com only give you access to router settings provided you are on one of the router's networks, its password was left as "password" or you have the newer password to which it was changed, and, if on a wi-fi network, the Wireless Isolation box for that network is not checked in Advanced Wireless Settings.

I feel users should be advised in bold print to change the password from "password" before letting anyone who is not highly trusted access one of the router's networks.
--
AT&T DSL Direct



Juke Box
His Word Never Fails
Premium
join:2001-01-29
Proverbs 3

reply to Fallen_Anjel
People change the router's IP. Netgear put www.routerlogin.net or www.routerlogin.com in their routers' built-in DNS so they can help troubleshoot issues. It is easier to go to a name than walking someone through the process to get to a command prompt just to get the IP of the gateway. It also proves that the router is up.

But I agree that the password to the router should be changed before it passes traffic through it.
--
God's Not Dead
He's Surely Alive.


tlhIngan

join:2002-07-08
Richmond, BC

reply to Fallen_Anjel
Either the router should force the password change, or the default password should be set the same as the WPA2 password for Wi-Fi.

There are WAY too many malware these days that try to access routers. There's a particularly nasty one that tries to infect a router and load in its own MIPS-Linux binaries (a lot of routers run MIPS-Linux) to compromise it and to turn the router into a zombie for its botnet. Makes it REALLY hard to find that infected PC!

Heck, if they don't try to infect the router, they open ports up to your PC so they can contact their command control servers.
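
A quick way to confirm, after a firmware upgrade or the factory reset mentioned above, that the router's admin page asks for credentials again. This is an added example, not code from any poster or from NETGEAR. It assumes the admin interface answers an unauthenticated request with an HTTP 401 challenge, and it uses 192.168.1.1 (the address from the first post) only as a default.

```python
import http.client

def classify(status, headers):
    """Classify the reply to a request that carried no credentials."""
    names = {k.lower() for k in headers}
    if status == 401 and "www-authenticate" in names:
        return "auth-required"   # the server issued a credential challenge
    if status in (301, 302, 303, 307, 308):
        return "redirect"        # may lead to a login form; check it by hand
    if 200 <= status < 300:
        return "open"            # page served with no challenge at all
    return "unknown"

def probe_admin_page(host, port=80, path="/", timeout=5):
    """Send one GET without credentials to your own router and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return classify(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()

if __name__ == "__main__":
    import sys
    # Default address is the one quoted in the thread; pass your own as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    try:
        print(host, probe_admin_page(host))
    except OSError as exc:
        print(host, "unreachable:", exc)
```

A result of "open" from a wired or Wi-Fi client on the LAN matches the behaviour described in the first post; "auth-required" is what the router should return once a password is enforced.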

