Router access, am I in danger?

Question

I learned I can access my router from a the internet like so http://ipaddress/login.html

I was wondering if anyone could gain access to my router control panel. IF that is the case can they compromise my home network that connects to the router? Any malicious code or anything. Or i should not be worried at all

yes its accessible and its password protected with default pass hahaa — Born vs. Me, Dec 19 '18 at 18:23
*"ITS ACCESSIBLE FROM INTERNET, thats why I said web devices"* - a web device you use you access the router is the browser. While the browser can access the internet the browser is not the internet and the browser can also access thinks different from the internet - notably the local network (intranet not internet). Nothing in your description except your unproven claim suggests that the router can actually be accessed from the internet (i.e. outside your local network). — Steffen Ullrich, Dec 19 '18 at 21:44
How can I demonstrate an attack to my relatives, they dn thing is a big deal — Born vs. Me, Dec 21 '18 at 00:03
A website can send calls to localhost, but they cannot read anything coming from it. (unless CORS is set a certain way!) For instance "Redis" updates can be delivered from a website. At least according to this thread (last answer): https://security.stackexchange.com/questions/92008/can-a-website-make-an-http-request-to-localhost-how-does-it-get-around-the-cr — pcalkins, Jun 30 '22 at 18:06

Steffen Ullrich · Answer 1 · 2018-12-19T21:39:16.677

Based on the information so far it cannot be said if there is a problem or not. One need to watch out for several things:

If the administrative interface is accessible from the internet (usually not) and you have no password or a weak password then an attacker might get access this way. It is strongly recommended to have the administrative interface not exposed to the internet.
If you are logged into the router locally or have no or a weak password AND if the router is vulnerable to CSRF attacks or DNS rebinding (in case of no or weak passwords) then an attacker might get access by using your browser as a trampoline to access the internal interface of the router from outside.
Additionally there might be some kind of backdoor in the router where an attacker gets access. This might for example be a remote access for the ISP which due to bugs or misconfiguration is not restricted to the ISP only. But there were also real backdoors in the past left by the vendor.

If the attacker can get access to your router he can get usually get access to your internal network too. Typical attacks involve changing the DNS servers so that all of your traffic is passed through DNS servers controlled by the attacker. Or your router will be part of a botnet attacking other systems or sending spam. See for example A Massive Botnet Using Compromised Routers Is Ready To Attack, Over 200,000 MikroTik Routers Compromised in Cryptojacking Campaign, VPNFilter botnet has hacked 500,000 routers. Reboot and patch now!, Over 65,000 Home Routers Are Proxying Bad Traffic for Botnets, APTs, How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes.

In other words: unless you can be sure that none of the attack vectors actually exist you should be worried. It is hard to be sure about this but choosing a router from a vendor with good reputation regarding security issues helps. For more information see routersecurity.org. Also check that the firmware of your router is up-to-date and that you are using a strong password. Also don't login to your router with your normal browser profile in order to prevent misuse of logged in sessions using CSRF - use a different browsing profile or incognito mode for this.

@Bornvs.Me: then make sure it's not. How this should be done depends on the specific device - thus refer to the documentation of your device. If this is a system you got from your ISP maybe contact your ISP for help too. — Steffen Ullrich, Dec 19 '18 at 19:12
what could possibly happen? can you show a link to a worst case scenario, id like to pentest my own router — Born vs. Me, Dec 19 '18 at 21:32
@Bornvs.Me: see updated answer for the many things which can happen. — Steffen Ullrich, Dec 19 '18 at 21:39

score 0 · Answer 2 · answered Dec 19 '18 at 18:08

0

Assuming that admin panel is exposed to the Internet (and not just available on your local WiFi network), you are definitely placing yourself at risk.

If you don't need it accessible from the internet, look for a configuration setting to disable it; it will be named something like "disable remote configuration". This will greatly help prevent your router from being attacked remotely.

If you can't disable it, there are several steps you should take to lock your router down, the first of which is to change the admin password. Since there are plenty of resources on line for securing home routers, I would recommend you find and follow one of them.

answered Dec 19 '18 at 18:08

John Deters

33,650
3
57
110

What can possibly happen from the router? cna they get access to my pc? – Born vs. Me Dec 19 '18 at 18:24
Yes, if they can get into your router, they can configure it to expose your PC. – John Deters Dec 19 '18 at 18:47
A common attack would be to change your DNS server address to one that delivers malicious addresses. Your PC might think it is going to http://example.org but actually be connecting to evilhacker.com. – John Deters Dec 19 '18 at 18:51
It would be equivalent to putting your home network on a coffee shop WiFi without telling you. It doesn’t immediately give them full access, but it would make lots of new attacks possible. – John Deters Dec 19 '18 at 18:54
can they get access to my pc? – Born vs. Me Dec 19 '18 at 21:33
I answered several times: they can get TO your PC, but maybe not INTO your PC. It all depends on if your PC is perfectly secured. Most aren’t, and if you’re asking this question, yours isn’t likely to be among the perfect. You should protect your router. – John Deters Dec 19 '18 at 21:35
show me an example please, sorry to repeat questions im so frustrated these times and i have brainfog – Born vs. Me Dec 19 '18 at 21:38
This is an older tool, but look at the example to understand just what a bad guy can do if he gets in your router: [Firesheep](https://codebutler.com/2010/10/24/firesheep/) – John Deters Dec 19 '18 at 22:46

score 0 · Answer 3 · answered Dec 19 '18 at 18:19

Most likely you just accessed it from your local network? If the IP address is not 10.x.x.x, 192.168.x.x, or 172.16-31.x.x then you should log into your router and turn off remote access. Many routers have the ability to managed from the open internet and not the local network which opens them up to brute force attacks among other things. I'd start by making sure you can only access the router from the local network.

Second, when you go to that site do you have to provide a password? Has it been changed from the default? If not, change this password. Routers have gotten better in past 3 years about not using the same default password across all the devices, but it's still worth checking and changing.

If you do this, you should be pretty protected from rogue log in. Interestingly, most routers have logs also, if you dig around you can find them and probably see who and how many times someone might have tried to log into your router.

For reference, here is how to find the enable/disable button for remote web access: https://www.microcenter.com/tech_center/article/8339/how-to-set-up-remote-access-on-a-tenda-fh1201

And to answer the final question, if someone can access the router from the internet and changes the settings to allow them inbound access to your network: yes they can attack all the devices on your local LAN. There are multiple ways this can look

In my answer there is a link to a page showing where that setting can be disabled. — bashCypher, Dec 19 '18 at 18:31

score -1 · Answer 4 · edited Jul 03 '22 at 11:11

-1

If it's accessible by the whole internet, you aren't safe. Most routers have an option to disable the function for routers to be accessed by WAN. If it was enabled, disable that option and change your WiFi password, because it might've been leaked.

edited Jul 03 '22 at 11:11

schroeder

123,438
55
284
319

answered Jun 30 '22 at 14:38

ThePro501

447
1
2
10

The "only accessible by the LAN" part isn't so safe. There are ways, e.g. https://www.armis.com/research/nat-slipstreaming-v20/. – Bruno Rohée Jun 30 '22 at 15:17
The OP is very clear that it's accessible from the internet ... – schroeder Jun 30 '22 at 18:57
Why change the local wifi password? That's an oddly specific and unusual step if the router has been accessed from the Internet... And why change the default router password if it was not enabled? Aside from strange advice without explanation, this answer copies the answer from 2018. Did you intend to offer a unique perspective? – schroeder Jun 30 '22 at 18:59
@schroeder It can be leaked – ThePro501 Jul 03 '22 at 10:46
A leaked wifi password is a hyper-localised problem. I'm not sure this is worth a new answer and seems to be off-topic from what was asked. – schroeder Jul 03 '22 at 11:14
@schroeder It could get leaked in a list. And some neighbour might bruteforce it. – ThePro501 Jul 05 '22 at 12:55

Router access, am I in danger?

4 Answers4