Router requiring a security exception in the browser to proceed


  1. Posts : 750
    Windows 10 Pro 64-bits
       #31

    As Ken has stated, you don't really connect to the Quantum router at your location directly. Instead, you connect to a web server via SSL/TLS that will connect to your router and present a GUI interface for configuration changes.

    The web server may or may not have a self-signed cert, but it does seem that it's AVG that throws up the error message. Maybe AVG wants to use its own SSL cert for intercepting/monitoring secured connections, hence the reason it does not match the Quantum Server's DNS name. If there's an option in AVG for disabling SSL/TLS monitoring, try that first; you don't need to uninstall AVG.

    As a side note...

    The method by which most AVs inspect secured connections used to be called a man-in-the-middle attack. Hackers moved to man-in-the-browser attacks that are easier to pull off. The man-in-the-antivirus is really no different and I always disable it. There's nothing that would stop the AV from uploading the content of the secured connection in plain text. It's a matter of trust I guess...

    Billy Joel - A Matter of Trust (Official Video) - YouTube


  2. Posts : 6,834
    22H2 64 Bit Pro
       #32

    I don't trust it. I just use additional security measures.

    Google and Mozilla's message to AV and security firms: Stop trashing HTTPS | ZDNet


  3. Posts : 6
    Windows 10
       #33

    Callender said:
    Try FF Portable v38

    PortableApps.com - Browse /Mozilla Firefox, Portable Ed./Mozilla Firefox, Portable Edition 38.0 at SourceForge.net

    Don't run it at the same time as your installed Firefox. Launch the old portable version and see if you get the same problem connecting to your router login page. You can delete the portable version afterwards.

    I tried it, per your instructions. Portable Firefox 38 also detects it as an untrusted site.


  4. Posts : 6
    Windows 10
       #34

    rivre said:
    Well then wasn't it also self-signed last month, 6 months ago, last year, 2 years ago, etc.? What changed?

    My guess is that they do have a real certificate for released firmware, but that they use a self-signed one internally for development, and somebody dropped the ball and left the reference to that one in a firmware update. The self-signed cert was issued in 2015, so if it had been there all along we should have been getting security exceptions all along. There's no question that something changed about a month ago.


  5. Posts : 6
    Windows 10
       #35

    Cr00zng said:
    As Ken has stated, you don't really connect to the Quantum router at your location directly. Instead, you connect to a web server via SSL/TLS that will connect to your router and present a GUI interface for configuration changes.

    I'm not sure that's true. I get the same dialog, and the same exception, if I disconnect the WAN uplink and try connecting to the router. That means myfiosgateway.com is a hardcoded pointer to localhost in that server's hosts table, and the path into the router control doesn't leave my house. There is likely web server software built into the router's firmware, and the cert distributed with that software. Probably the fix is a new firmware update with a proper certificate built in.

    I may try to call Verizon support today and stay on till I get someone who knows something. Wish me luck.
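
The triage the posts above do by hand, as an added example that is not part of the original thread: given a certificate's fields, it reports whether the warning comes from a self-issued device certificate or a name mismatch, and whether two clients see different certificates for the same site (the sign of AV HTTPS scanning). The certificate values, the AV issuer name and the function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
# (getpeercert() gives {} for a cert that was not validated, so for a
# warning-triggering cert these fields come from a decoded PEM instead.)
DEVICE = {  # cert served by the router itself; values are constructed
    "subject": ((("commonName", "myfiosgateway.com"),),),
    "issuer": ((("commonName", "myfiosgateway.com"),),),
    "serialNumber": "01",
    "notBefore": "Jan  1 00:00:00 2015 GMT",
    "subjectAltName": (("DNS", "myfiosgateway.com"),),
}
VIA_AV = {  # same site seen through HTTPS scanning; issuer is hypothetical
    "subject": ((("commonName", "gateway.local.example"),),),
    "issuer": ((("commonName", "Example AV Inspection Root"),),),
    "serialNumber": "7F",
    "notBefore": "Mar  1 00:00:00 2019 GMT",
    "subjectAltName": (("DNS", "gateway.local.example"),),
}

def _names(rdns):
    """Flatten getpeercert()-style RDN tuples into {field: value}."""
    return {k: v for rdn in rdns for (k, v) in rdn}

def _covers(pattern, host):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def triage(cert, host):
    """Return (reasons a browser would warn, year the cert was issued)."""
    subject, issuer = _names(cert["subject"]), _names(cert["issuer"])
    reasons = ["self-signed"] if subject == issuer else []
    sans = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(_covers(n, host) for n in (sans or [subject.get("commonName", "")])):
        reasons.append("name-mismatch")
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    return reasons, datetime.fromtimestamp(issued, timezone.utc).year

def resigned_in_path(seen_here, seen_elsewhere):
    """True when two clients get different certs for one site, i.e.
    something between them (such as AV HTTPS scanning) re-signs it."""
    key = lambda c: (_names(c["issuer"]), c.get("serialNumber"))
    return key(seen_here) != key(seen_elsewhere)
```

Matching subject and issuer is a name-level check only; confirming a certificate is truly self-signed means verifying its signature against its own public key.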


  6. Posts : 6,834
    22H2 64 Bit Pro
       #36

    Try resetting your router as suggested in Verizon forum.


  7. Posts : 31
    10
       #37

    Did anyone get a resolution to this, same issue here? I need to be able to log in and disable the wireless portion and can't, and Verizon is claiming they can't disable it from their end because we have a router connected to the WAN port of the Verizon modem.


  8. Posts : 29
    windows 10
       #38

    I had the same issue but simply added https:// to the IP address and it is working well.

    Example: https://192.168.1.1


  9. Posts : 1
    Windows
       #39

    Russians, apparently


    markm75 said:
    Did anyone get a resolution to this, same issue here? I need to be able to log in and disable the wireless portion and can't, and Verizon is claiming they can't disable it from their end because we have a router connected to the WAN port of the Verizon modem.

    One month after OP posted this, Verizon revealed a vulnerability previously exposed by security firm Tenable.

    Vulnerability in Verizon Fios Quantum Gateway allows attackers to gain root privileges - TechRepublic

    Vulnerability in Verizon Fios Quantum Gateway allows attackers to gain root privileges

    by James Sanders in Security on April 9, 2019, 6:48 AM PST

    The vulnerability requires local access to be exploited, though Tenable Research claims it can be exploited remotely through the assistance of social engineering.

    A vulnerability in Verizon Fios Quantum Gateway--a Wi-Fi router often provided to customers of Verizon's fiber-optic internet service--allows attackers to gain root privileges, with a significant amount of effort. The vulnerability was discovered by Chris Lyne at Tenable Research, and was discovered alongside a login replay and password salt disclosure vulnerability, the trio of which are designated as CVE-2019-3914, CVE-2019-3915 and CVE-2019-3916.

    Gaining root access on a router can provide attackers an entry point to target other devices on the network, particularly Internet of Things (IoT) devices, which often lack their own security measures.

    ...

    In April 2018, the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) issued a joint statement warning of state-sponsored hackers leveraging vulnerabilities in routers, with the highly-publicized Slingshot and VPNFilter malware families discovered the same year.

    From the DHS/FBI statement, available here: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices | CISA

    Own the Router, Own the Traffic

    Network devices are ideal targets. Most or all organizational and customer traffic must traverse these critical devices. A malicious actor with presence on an organization’s gateway router has the ability to monitor, modify, and deny traffic to and from the organization.

    ...

    Legitimate user masquerade is the primary method by which these cyber actors exploit targeted network devices. In some cases, the actors use brute-force attacks to obtain Telnet and SSH login credentials. However, for the most part, cyber actors are able to easily obtain legitimate credentials, which they then use to access routers.

    Cyber actors masquerade as legitimate users to log into a device or establish a connection via a previously uploaded OS image with a backdoor. Once successfully logged into the device, cyber actors execute privileged commands. These cyber actors create a man-in-the-middle scenario that allows them to

    • extract additional configuration information,
    • export the OS image file to an externally located cyber actor-controlled FTP server,
    • modify device configurations,
    • create Generic Routing Encapsulation (GRE) tunnels, or
    • mirror or redirect network traffic through other network infrastructure they control.

    At this stage, cyber actors are not restricted from modifying or denying traffic to and from the victim.

    ...

    SMI is an unauthenticated management protocol developed by Cisco. This protocol supports a feature that allows network administrators to download or overwrite any file on any Cisco router or switch that supports this feature. This feature is designed to enable network administrators to remotely install and configure new devices and install new OS files.

    On November 18, 2016, a Smart Install Exploitation Tool (SIET) was posted to the Internet. The SIET takes advantage of the unauthenticated SMI design. Commercial and government security organizations have noted that Russian state-sponsored cyber actors have leveraged the SIET to abuse SMI to download current configuration files. Of concern, any actor may leverage this capability to overwrite files to modify the device configurations, or upload maliciously modified OS or firmware to enable persistence.


 
