TPG Community

Get online support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Archer VR1600 firmware bug

david64
Level 15
Level 15
‎12-03-2021 03:27 AM

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000

0 Likes
Reply
6 REPLIES 6
Shane
Moderator Moderator
Moderator
‎12-03-2021 04:15 PM

Hi @david64 ,

 

Thanks for bringin this to our attention. We will raise this to our Network Engineering Team for investigation and we'll provide feedback on this thread once it becomes available. 

 

Regards,

 

@david64 wrote:

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000

 

0 Likes
Reply
Shane
Moderator Moderator
Moderator
‎13-03-2021 12:19 PM

Hi @david64 ,

 

Please shoot me a private message with the MAC address of your modem/router.

 

Regards,

 

@david64 wrote:

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000

 

0 Likes
Reply
david64
Level 15
Level 15
‎13-03-2021 06:56 PM

Another thing I've noticed about port forwarding on my VR1600.
A TCPIP packet contains the source ip address of the sending device and source port number from the device's TCPIP stack. There is the destination ip address which is my public ip address and destination port number which represents the target application, eg. port 80 for web server, port 22 for SSH server, port 23 for Telnet server, etc.
When this packet (for example, going to port 80) reaches my router and there is a forwarding rule for port 80, the router replaces the destination ip address (my public ip address) with the internal ip address in the rule and same for the destination port number (usually port 80 goes to port 80). The router should then send the packet to the local device.
But, my router is doing a bit extra. It is replacing the source ip address with my public ip address. This means that any server I run won't be able to determine the real source ip address of the packet.
The source ip address should stay as the real ip address of the remote device.

0 Likes
Reply
Shane
Moderator Moderator
Moderator
‎13-03-2021 08:16 PM

Hi @david64,

 

Thanks for the additional details. We relayed this to our Network Engineering Team for additional reference on the ongoing investigation. We'll provided you an update when it becomes available.

 

Regards,

 

 

Another thing I've noticed about port forwarding on my VR1600.
A TCPIP packet contains the source ip address of the sending device and source port number from the device's TCPIP stack. There is the destination ip address which is my public ip address and destination port number which represents the target application, eg. port 80 for web server, port 22 for SSH server, port 23 for Telnet server, etc.
When this packet (for example, going to port 80) reaches my router and there is a forwarding rule for port 80, the router replaces the destination ip address (my public ip address) with the internal ip address in the rule and same for the destination port number (usually port 80 goes to port 80). The router should then send the packet to the local device.
But, my router is doing a bit extra. It is replacing the source ip address with my public ip address. This means that any server I run won't be able to determine the real source ip address of the packet.
The source ip address should stay as the real ip address of the remote device.

0 Likes
Reply
djboob1966
Level 2
Level 2
‎14-03-2021 06:34 AM

i myself also are having the same problem with an HG659 and have tested a Netgear D7000v2 with both with port  80 443 both forwarded but if I type in my home server eg 123.123.123.xxx:80 both modems take me to the login screen of both modems when I'm trying to nav to NGINX in server.

 

 
  •  
0 Likes
Reply
djboob1966
Level 2
Level 2
‎18-03-2021 10:44 AM

Ok had tpg checking my line there was a problem Fixed but I also went out and got a Tp-link VR2800 modem router but had a problem hooking up due to fault inline that's now fixed but it still went to modems login if I added my public IP and port 80 but if i did a clear recent history in firefox tick all the boxes it did what it was supposed to so I'm up and running you may want to try this as well.

0 Likes
Reply