topic Re: Hub 2 -- Lax Admin Security? in My Router

Hub 2 -- Lax Admin Security?

madra — Thu, 22 Dec 2022 22:56:08 GMT

I've been pretty used to visiting my routers internal IP address on my home network and being dumped right into the admin section.

Today I activated 'Static IP' add-on for my broadband package and visited my router via its static IP address on my phone [which has never connected to my router before]. I was pretty shocked to find that the router admin section is partially open for anyone to snoop around, who chances upon my IP. Now, I'm not saying it's completely wide open. If I try to dive into any of the sections to change a setting, I'm asked for the admin password --thank god! However, there's still a lot of potentially private info that's freely visible on the router admin screen, without entering the admin password:

* The 'Hub Status' page, which gives, amongst other things; connection status, upload and download speed, uptime, router serial number, router firmware version.

* Basic WiFi page, which gives; which channel frequencies [2,4GHz and/or 5GHz] are active, which channel each is using, whether I have WPS enabled, network name, security type, wireless mode.

* My devices page, which gives a list of every device connected to my router, with their individual IP addresses. This is a shocking security hole. So, now I'm not only at risk from anyone with an exploit for my router, but for anyone with an exploit for anyone of the dozen or so devices connected to it!

Am I missing something here? Or is there some pretty atrocious security on this router? With my last broadband router, if I visited its public IP address, I couldn't see anything at all without logging in. This one seems to give any potential hackers a wealth of useful information to help them along.

Re: Hub 2 -- Lax Admin Security?

MisterW — Fri, 23 Dec 2022 07:49:30 GMT

Are you sure your phone was connected via the mobioe network and not via your home wifi ?

AFAIK thev router is not accesible remotely by default. Howevervif you were connected to your home network, then NAT loopback would allow access internally without going out to the internet and back

Re: Hub 2 -- Lax Admin Security?

Dan_the_Van — Fri, 23 Dec 2022 08:26:43 GMT

In support of the above post you can check the open ports on your router

https://www.yougetsignal.com/tools/open-ports/

Select "Scan all Common Ports" found at the bottom of the command ports list on the right.

I have been unable to connect to my router from the internet using my public static IP address but I can on my local LAN.

HTH

Re: Hub 2 -- Lax Admin Security?

Baldrick1 — Fri, 23 Dec 2022 08:58:51 GMT

Moderators Note

This topic has been moved from Full Fibre to My Router

Re: Hub 2 -- Lax Admin Security?

madra — Fri, 23 Dec 2022 10:47:35 GMT

>Are you sure your phone was connected via the mobioe network and not via your home wifi ?

Ah. that's a point. I was checking in the house, so my mobile would have been going through my house WiFi. I'll have to test again when I'm out and about.

That said, I'd never connected to my router via my phone. So, even if [as seems likely] my phone was using my home WiFi network, I was still seeing a lot of info 'for free' about my router config and setup, without being logged in in any way, but just by dint of being on the same local network.

It still seems very lax from a security point of view. I'm thinking if this was a small office setting or somewhere like a cafe / pub where they allow guest access to their network, or a shared student house. It's surely not good practice to give so much potential 'ammo' to anyone who happens to be on the same network. Guests or non-admin users shouldn't be able to 'peek behind the curtain' at the router's admin controls at all, without logging in.

Re: Hub 2 -- Lax Admin Security?

Anonymous — Fri, 23 Dec 2022 10:48:13 GMT

I'm sure that when I have had cause to contact Plusnet with an issue, they have been able to see in to my Hub2 to check for issues?

Is there a hidden "Admin" login that they use to do this?

Re: Hub 2 -- Lax Admin Security?

MisterW — Fri, 23 Dec 2022 10:53:18 GMT

Guests or non-admin users shouldn't be able to 'peek behind the curtain' at the router's admin controls at all, without loggi

you might be able to look at some basic information but you can't 'do' anything without logging in

Is there a hidden "Admin" login that they use to do this?

no, they use TR069 which is a secure protocol which only allows access from the Plusnet server

Re: Hub 2 -- Lax Admin Security?

Baldrick1 — Fri, 23 Dec 2022 14:15:00 GMT

@madra wrote:

....It still seems very lax from a security point of view.

Seeing as BT hubs plus I suspect many others the same there are literally millions of devices across the country with your definition of lax security.

Fortunately if this bothers you there is no restriction to you getting your own third party hub.

Re: Hub 2 -- Lax Admin Security?

madra — Fri, 23 Dec 2022 16:09:57 GMT

@MisterW wrote:

you might be able to look at some basic information but you can't 'do' anything without logging in

Without logging in I can see what model router I'm using and what its firmware version is. I can also see a list of every device connected to my network along with their internal IP number.

Both of those are security risks. There are plenty of sites [both well- and ill-intentioned] out there which publish lists of exploits for various software / firmware on various devices. Usually a ne'er-do-well would have to probe the system, looking for open ports and trying to deduce what devices were behind them on which IPs and then try a range of exploits. This hub basically removes one of those obstacles by openly listing everything attached to the network and giving its IP. So now the miscreant has a nice list of devices to check aginast his stash of exploits.

@Baldrick1 wrote:

Fortunately if this bothers you there is no restriction to you getting your own third party hub.

Oh dear. Someone always has to play the 'If you don't like it. Make your own' card. The non-thinker's response to any criticism of anything.

Re: Hub 2 -- Lax Admin Security?

Baldrick1 — Fri, 23 Dec 2022 16:19:49 GMT

@madra

No, just being realistic.

Re: Hub 2 -- Lax Admin Security?

MisterW — Fri, 23 Dec 2022 16:20:11 GMT

Without logging in I can see what model router I'm using and what its firmware version is. I can also see a list of every device connected to my network along with their internal IP number.

ut you have to be connected to the local network to access the router at all . So someone trying to obtain that information must be physically connected to a lan port or have used the wireless password to connect

Re: Hub 2 -- Lax Admin Security?

Dan_the_Van — Fri, 23 Dec 2022 17:36:17 GMT

@madra

The thing is there are plenty of free tools available which can display the data you are worried about hiding without the need to have access to the Hubs home page

Once connected to your LAN I can use:-

https://whatismyipaddress.com/ - displays your public IP address

Android app "Network Analyser Pro"

Using "LAN scan" I can list all the active devices IP Addresses and hostname connected to your LAN .

Android "WiFi Analyzer"

I can list all the local wireless network and list security used and if WPS is enabled without the need to be connected to your LAN.

The connection speed could be determined using a speed test.