Gateway login page accessibile with browser from wan on port 80 and 443

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Gateway login page accessibile with browser from wan on port 80 and 443

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Gateway login page accessibile with browser from wan on port 80 and 443
Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 13:01:42
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.1.1

Hello,

Apparently with this gateway managed by the omada sdn, it is possible to access the gateway login page from the wan port on both http and https. I could not find a valid setting to disable this behavior. Moreover, the controller local ip address is shown on the login page. Can anyone else confirm this is a bug / security problem? is there an available fix besides putting the gateway behing another gateway / firewall?

  1      
  1      
#1
Options
6 Reply
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 15:42:40 - last edited 2021-11-24 15:44:34

Noticed exact the same behaviour in my new config: ER605, SG2008p, EAP245 managed by local Omada controller. How can we deny access from wan?! There aren't any forwarded ports yet - it's still in default configuration!

  0  
  0  
#2
Options
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 16:30:25

@marcoSanti 

 

Have you tried from WAN or is it from LAN you are trying. if you are on LAN you will be able to access your WAN ip, but I do not think you will see it from WAN

  0  
  0  
#3
Options
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 16:31:08

OK, now I configured NAT for ports 80 and 443 and it's working like expected. Router or even Omada SDN aren't accessible.

 

But the default config seems to be vulnerable!

  0  
  0  
#4
Options
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 16:37:33

@shberge 

 

In my case I tried via dyndns. So it should be from WAN?

  0  
  0  
#6
Options
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 16:41:37

@Wipa dyndns i not a proxy server, dyndns is a dns service. if you are on your LAN and try your dyndns name you are on LAN... try from your phone with wifi disabled.

 

 

  0  
  0  
#7
Options
Re:Gateway login page accessibile with browser from wan on port 80 and 443
2021-11-24 17:12:17

@shberge Thank you for the explanation. And you're right! So in my case it was my fault.

  2  
  2  
#8
Options