Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default  – Full Disclosure

Posted by Gynvael Coldwind on Feb 17

Hi,

This isn’t really a problem a vendor can solve in firmware (apart from
offering configuration via cloud, which has its own issues).
Even if they would enable TLS/SSL by default, it would just give one a
false sense of security, since:
– the certificates would be invalid (public CAs don’t give out certs for IP
addresses),
– they would be easy to clone (due to being self-signed and/or being easy
to extract from a similar device),
-…
 – Read More  – Full Disclosure