Logout of router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Logout of router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Logout of router
Logout of router
2013-03-16 03:51:36
Region : UK

Model : TL-WR740N

Hardware Version : V4.20.0

Firmware Version :

ISP :


Region : UnitedKingdom

Model : TL-WR740N

Hardware Version : V3

Firmware Version :

ISP :


Sorry for the dumb question, but just had this new router installed on our community broadband and after setting up the admin and wifi security I cannot find out how to logout of the router. Any ideas? PS Maybe I need new glasses!!
  0      
  0      
#1
Options
13 Reply
Re:Logout of router
2013-03-16 10:56:43
If meaning to log out the TP-LINK web interface, you can just close it, Is that the case?
  0  
  0  
#2
Options
Re:Logout of router
2013-05-31 14:04:19

Joy wrote

If meaning to log out the TP-LINK web interface, you can just close it, Is that the case?

Yes, I think he want to logout from web interface (like me).
It can be a very big security hole.
Closing only the tab on which you used the admin GUI is not enough. If you reopen the router's URL, you are already logged in...
As I see, you must close the browser. (and I hope, it really logs out)
  0  
  0  
#3
Options
Re:Logout of router
2013-06-01 12:25:19
As far as i know, there is no logout but close option on the web-based interface.
So you just click on close to "logout" the page.
If there is a logout option not just close, it will be much better.
  0  
  0  
#4
Options
Re:Logout of router
2013-06-01 21:34:16
I think, it's a big sec.hole, because if you just close the tab on which you used the admin GUI, then the session remains opened and...
For example a malware can do anything as admin on your router while your browser is running. (see XSS as a sample!)
  0  
  0  
#5
Options
Re:Logout of router
2017-02-26 11:32:41
I agree. This is a terrible security hole as is the complete lack of HTTPS support.
While you should not ever access your router remotely via a browser (best practices and all), it's still a security hole on the LAN (even if you assign MAC addresses to what machine can administer - MACs are easily spoofed and read from ARP caches on any attached PC - to make matters worse, the credentials are sent in the clear meaning it is easily read even from a low profile PC on a LAN and, obviously readable from the Internet).
My recommendation is to setup an IPSec VPN tunnel, disable all forwarding ports, disable remote admin completely (0.0.0.0), put in the MAC addresses for valid admin PCs, setup ALL browsers to delete there cookies/cache on exit - automatically. Administer the router from within the tunnel only, if the tunnel is down, then you're out of luck, but better than getting compromised.
  0  
  0  
#6
Options
Re:Logout of router
2017-02-26 18:17:22

haazee wrote


For example a malware can do anything as admin on your router while your browser is running. (see XSS as a sample!)


If you use a browser (i.e. Microsoft Internet Explorer Version 6) which does not encode < and > in URLs and therefore is vulnerable to DOM-based XSS attacks, you have a tremendous security hole anyway. In this case I would not be concerned about malware breaking into my router, but I would be concerned at first to use such a system full of holes like Swiss cheese to visit any shopping site or even bank accounts, where they can do real harm.

But if you really did find a security hole for reflective or persistent XSS attacks in TP-Link's web UI, proof it before claiming that it could be subject to XSS attacks. Which web page of the TL-WR740's web UI does output data previously entered by the user without checking for critical input? I couldn't find a guestbook or a forum in TL-WR740's web UI and it also does not have a search form or anything which could be used to enter critical data in the web UI being displayed without plausibility checks due to bad programming.

The fact that you stay logged in somewhere while surfing other (malicious) web sites is in no way the cause for XSS attacks as your claim suggests, except that it indeed may pose a massive risk for such if you use software which is broken by design such as IE 6 or older Windows (before Vista) versions.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#7
Options
Re:Logout of router
2017-04-13 18:42:01
Closing only the tab on which you used the admin GUI is not enough. If you reopen the router's URL, you are already logged in...
  0  
  0  
#8
Options
Delete History
2017-08-16 23:29:54
Simply delete your history, and you will log out . . .
  0  
  0  
#9
Options
Re:Logout of router
2017-08-20 00:46:47
You mean to clear recent history from browser?
  0  
  0  
#10
Options
Re:Logout of router
2017-08-23 10:29:35
for some versions, I think the more dated one, there is a logout button
  0  
  0  
#11
Options

Information

Helpful: 0

Views: 18884

Replies: 13

Related Articles