TPG Community

Get online support

Archer VR1600 firmware bug

david64
Level 10

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000

6 REPLIES 6
Shane
Moderator

Hi @david64 ,

 

Thanks for bringin this to our attention. We will raise this to our Network Engineering Team for investigation and we'll provide feedback on this thread once it becomes available. 

 

Regards,

 


@david64 wrote:

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000


 

Shane
Moderator

Hi @david64 ,

 

Please shoot me a private message with the MAC address of your modem/router.

 

Regards,

 


@david64 wrote:

My VR1600 has remote management disabled. Using my phone's mobile data, I can browse to my public ip address and port 80 (http://ipaddress:80) and connect to my router's login page, then login and access the setup. This is not supposed to be possible. If remote management is not enabled, the router should ignore any connection attempts.

Forwarding port 80 to my computer stops remote access to the router login screen. Port 443 (https) doesn't allow remote access.

Firmware Version:0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n Hardware Version:Archer VR1600v v2 00000000


 

david64
Level 10

Another thing I've noticed about port forwarding on my VR1600.
A TCPIP packet contains the source ip address of the sending device and source port number from the device's TCPIP stack. There is the destination ip address which is my public ip address and destination port number which represents the target application, eg. port 80 for web server, port 22 for SSH server, port 23 for Telnet server, etc.
When this packet (for example, going to port 80) reaches my router and there is a forwarding rule for port 80, the router replaces the destination ip address (my public ip address) with the internal ip address in the rule and same for the destination port number (usually port 80 goes to port 80). The router should then send the packet to the local device.
But, my router is doing a bit extra. It is replacing the source ip address with my public ip address. This means that any server I run won't be able to determine the real source ip address of the packet.
The source ip address should stay as the real ip address of the remote device.

Shane
Moderator

Hi @david64,

 

Thanks for the additional details. We relayed this to our Network Engineering Team for additional reference on the ongoing investigation. We'll provided you an update when it becomes available.

 

Regards,

 

 

Another thing I've noticed about port forwarding on my VR1600.
A TCPIP packet contains the source ip address of the sending device and source port number from the device's TCPIP stack. There is the destination ip address which is my public ip address and destination port number which represents the target application, eg. port 80 for web server, port 22 for SSH server, port 23 for Telnet server, etc.
When this packet (for example, going to port 80) reaches my router and there is a forwarding rule for port 80, the router replaces the destination ip address (my public ip address) with the internal ip address in the rule and same for the destination port number (usually port 80 goes to port 80). The router should then send the packet to the local device.
But, my router is doing a bit extra. It is replacing the source ip address with my public ip address. This means that any server I run won't be able to determine the real source ip address of the packet.
The source ip address should stay as the real ip address of the remote device.

djboob1966
Level 2

i myself also are having the same problem with an HG659 and have tested a Netgear D7000v2 with both with port  80 443 both forwarded but if I type in my home server eg 123.123.123.xxx:80 both modems take me to the login screen of both modems when I'm trying to nav to NGINX in server.

 

djboob1966
Level 2

Ok had tpg checking my line there was a problem Fixed but I also went out and got a Tp-link VR2800 modem router but had a problem hooking up due to fault inline that's now fixed but it still went to modems login if I added my public IP and port 80 but if i did a clear recent history in firefox tick all the boxes it did what it was supposed to so I'm up and running you may want to try this as well.