Things that ppl never seem to ask or answer: MITM & HTTP router access...

JARVIS Member Posts: 12
First Comment
Many brand routers never use security certificates or httpS when users try to connect to their firmware (

Is there EVER a possibility of an MITM in such circumstances?

To me, this always seems to be the biggest security flaw in router if an MITM is possible.


  • Pixel
    Pixel Devon, U.K.Member, Moderator, Beta Tester Posts: 359
    100 Likes 25 Answers 100 Comments Second Anniversary
    There are only two “Official” ways of accessing firmware either from within the LAN which should be protected by a firewall therefore only accessible by an authorised user/administrator. The other by automation services where the hardware manufacturer (or Broadband provider) opens a port through the firewall to automatically update firmware so in principle certification would not be required.
    Hackers exploit vulnerabilities in some cases to access Routers/LANS but security certificates would be ineffective in these cases as the Hackers would have “worked around” any security certification.
  • ZeldaLovesLink
    ZeldaLovesLink Member Posts: 1
    First Comment

    WiFi is hard to secure.

    How about we turn off the broadcast and wire everything?

    cat cable to iPhone please?

    JARVIS Member Posts: 12
    First Comment
    So you're saying... having your wifi router broadcasted with id and mac address... it's unheard of that someone parked in the neighborhood can zero in on your wifi router activity, and then "grab" whatever transmission between your computer and wifi router? .... particularly, if your browser connection to your router firmware is not httpS
    JARVIS Member Posts: 12
    First Comment
    Ok, I think I might been using the wrong words.

    What I meant was is it possible for WIFI SNIFFING when you're accessing your router "over the air" without HTTPS.