D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: cuban_cigar on December 03, 2013, 01:31:04 AM
-
I entered the external IP address to my network as assigned by my ISP and was absolutely floored to find that not only was the router login screen visible from the internet, it has the model and firmware version number clearly displayed.
A gaping mile-wide security hole.
Also, there seemed to be no documentation regarding how to disable/turn off/kill the WAN (internet) login.
I got this router last year, a DIR-651. D-Link considers this "end of life", which is odd.
How might I go about turning off WAN admin login?
This security flaw is going to be the ruin of me, and everyone who has a router.
When I comment on Wikipedia, people can LITERALLY get right to my router with just one click on the convenient IP hyperlink. A child could crack through the router like it was nothing this way; the vulnerabilities for any model are cataloged over time for easy exploitation. The internet must be prevented from even seeing that it's a router.
Look, they even published my IP, here... it's open season!
~wondering why
-
There should be an option in there to turn it off.
Anyways, only admin can see your post's IP address.
I cannot see it.
-
Thanks for sharing.
-
You could try reading the manual, it will tell you how to disable Remote Admin. That would have taken less time than it took you to type your comments :-)
-
FYI, this is not a security flaw, as other Mfr routers, including D-Link, have this feature. It's disabled by default. This is a feature of many networking products out there. It's up to users to decide whether to use it or not.
Many users enjoy using this to help manage their products from remote locations. If you are concerned about this, then disable it if it's enabled. Also ensure that your local LAN side admin account PW is safe and secure and nobody else has it.