We recently purchased a Netgear FS526T. Seems spectacularly good value for what it does, but I'm finding out something worrisome about its web management access.
While trying to devise some simple scripts to drive its web interface, I've several times "succeeded" in killing the box's web server. After which, it seems that neither a web browser nor their "smart wizard" configuration utility can get any contact with it, until the box has been re-set manually.
I can't say that I could reproducibly kill the box at will, but this is clearly disturbing.
But worse... the box offers to limit management access to a specified list of IP source addresses. This, one might think, would protect it from hostile access. But no: it happily responds to HTTP protocol requests from any source address, right up to the point at which it checks for a password, and only then does it deny access.
That seems crazy to me: it leaves any weaknesses in the IP, TCP, HTTP protocol implementations (and clearly, there must be some) open to anyone, anywhere, who can access port 80.
Bearing in mind that the firmware is upgradeable, it seems to me that if their technical folks could be persuaded that something's wrong here, they could fix it.
I doubt that I'd get any useful answer trying to raise this issue with the sales structure, or even first-line technical support ("did you remember to plug it in?"). Anyone suggest a productive approach that wouldn't involve me in too much effort?
thanks
P.S. I'm only an occasional visitor to the comp.dcom.* groups; if it's thought that I've picked an unsuitable group to raise this question, please do make a constructive proposal.
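
An added example, not part of the original post: one way to check, from a host that is not on a device's management allow list, at which layer the source-address restriction is actually enforced. The function name and the three labels are assumptions of this sketch; it sends a single unauthenticated `GET /` and reports how far the request got.

```python
import http.client
import sys


def acl_enforcement_layer(host, port=80, timeout=3.0):
    """Run from a source address that is NOT on the management allow list.

    Returns (label, detail), where label is one of:
      'network'     - TCP connect refused or timed out; the web server is
                      not reachable from this address at all
      'tcp-only'    - the TCP handshake completes but no valid HTTP reply
                      comes back (connection dropped after accept)
      'application' - the web server parsed the request and answered, so
                      any restriction is applied only after HTTP handling
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        try:
            conn.connect()  # TCP three-way handshake only
        except OSError as exc:  # refused, unreachable, or timed out
            return "network", type(exc).__name__
        try:
            conn.request("GET", "/")  # no credentials are sent
            resp = conn.getresponse()
            resp.read()
        except (http.client.HTTPException, OSError) as exc:
            return "tcp-only", type(exc).__name__
        return "application", "HTTP %d %s" % (resp.status, resp.reason)
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python acl_layer.py <management-address> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(acl_enforcement_layer(target, target_port))
```

A result of `application` from an address outside the allow list corresponds to the behaviour described in the post; `network` is what a filter applied before the TCP/HTTP stack would produce.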