default settings are insecure

Issue #91 resolved
shollander created an issue

By default, telnet access is enabled, and is accessible from the WAN. This is highly insecure. It should be like the other admin interfaces that are only enabled from the LAN by default.

Comments (4)

  1. pedro repo owner

    Telnet is unavailable by default from the WAN side, you misread something.

    BTW: you didn't follow HTRI.

  2. shollander reporter

    My mistake, my apologies. I didn’t misread anything, but my test apparently was flawed. I had attempted to telnet to my public IP from within the LAN. I thought that it should be denied since I was using the WAN address, but it seems there is some internal routing that happens and it doesn’t actually go all the way out to the WAN. I now checked telnet using my public IP from a completely different network and I was not able to connect, so it does appear to be secure.

    Forgive my ignorance, but I have no idea what “HTRI” means.

  3. shollander reporter

    My apologies for not following HTRI, I’m not sure how I missed that.

    For the record, I am using freshtomato-R7000-ARM_NG-2020.8-AIO-64K on a Netgear R7000.

    NVRAM: 64.00 KB / 23.75 KB

    The reason I was a little confused about the telnet access is because I first attempted to access the web interface using the WAN address from within the LAN, and that did not work. So I figured that if telnet works when using that same method, then it would be available from the WAN. I’m not sure why, but apparently there is some difference between the two. I can ssh and telnet to the WAN IP from within the LAN, but not from the outside. http to the WAN IP doesn’t even work from within the LAN. Perhaps something is a little off and needs to be tweaked?
