(Archer XR500v) Web interface exposes controls to unauthenticated clients

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

(Archer XR500v) Web interface exposes controls to unauthenticated clients

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
(Archer XR500v) Web interface exposes controls to unauthenticated clients
(Archer XR500v) Web interface exposes controls to unauthenticated clients
2021-06-23 01:19:33 - last edited 2021-09-13 12:34:49
Model: Adapter  
Hardware Version:
Firmware Version: 1.1.0 0.8.0 v5009.0 Build 200529 Rel.59796n

Steps to reproduce:

 

  1. The default port is 80. Change it to anything else, like 8888.
  2. On a client system, add the following to /etc/hosts (replace ip_address with your public IP):
    ip_address example.com

  3. Access the web interface like this: "example.com:8888"

 

Expected result:

The usual login form

 

Actual result:

A broken web page (missing CSS and JS) that offers, without any form of authentication, a button to reboot the device, and a form to redefine a user's password.

 

TP-Link technical support dismissed this as "not a bug", so I'm documenting it here.

 

Current workaround:

Use the default port (80).

 

Screenshot:

  0      
  0      
#1
Options
1 Accepted Solution
Re:(Archer XR500v) Web interface exposes controls to unauthenticated clients-Solution
2021-09-13 08:22:40 - last edited 2021-09-13 12:34:49

@doug.hs 

On the LTE Gateway Routers, there is a referrer checking feature which is to secure the network, when the real public IP is different from WAN IP, even though you have opened the corresponding port on the main router, the data packets from the internet to access the public IP will be blocked due to this referrer checking because the LTE Gateway Router cannot detect or record the real public IP address when it obtains a private IP address, so it is normal to see the abnormal login page in such cases.

 

If you happen to have the same issue, please configure DDNS on the LTE Gateway Router.

In this way, the real public IP address will be bound to the domain name, and the router will record the domain name and add it into the whitelist of referrer checking, so when we access it remotely via the domain name: port, the data packets can pass the referrer checking thus be able to access successfully.

Recommended Solution
  0  
  0  
#4
Options
3 Reply
Re:(Archer XR500v) Web interface exposes controls to unauthenticated clients
2021-07-07 08:14:01 - last edited 2021-07-07 08:16:02

@doug.hs  Hello, 

Thank you for your feedback and detailed information. Archer XR500v is a special edition provided to certain ISP, may I know did you contact your ISP and discuss with the case with them before? 

As the issue is quite special we would like to have a specialist look into this further via email with forum ID ' 268320' . Please check your mailbox and help provide some details, thank you. 

 

 

 

  0  
  0  
#2
Options
Re:(Archer XR500v) Web interface exposes controls to unauthenticated clients
2021-07-07 12:36:15

TP-Link wrote

may I know did you contact your ISP and discuss with the case with them before?

 

@TP-Link No, I didn't. This device was not provided by my ISP.

  0  
  0  
#3
Options
Re:(Archer XR500v) Web interface exposes controls to unauthenticated clients-Solution
2021-09-13 08:22:40 - last edited 2021-09-13 12:34:49

@doug.hs 

On the LTE Gateway Routers, there is a referrer checking feature which is to secure the network, when the real public IP is different from WAN IP, even though you have opened the corresponding port on the main router, the data packets from the internet to access the public IP will be blocked due to this referrer checking because the LTE Gateway Router cannot detect or record the real public IP address when it obtains a private IP address, so it is normal to see the abnormal login page in such cases.

 

If you happen to have the same issue, please configure DDNS on the LTE Gateway Router.

In this way, the real public IP address will be bound to the domain name, and the router will record the domain name and add it into the whitelist of referrer checking, so when we access it remotely via the domain name: port, the data packets can pass the referrer checking thus be able to access successfully.

Recommended Solution
  0  
  0  
#4
Options