Security Vulnerabilities

SOLVED
Reply
Highlighted
Contributor
Contributor
Posts: 5
Registered: ‎07-13-2017

Security Vulnerabilities

Message 1 of 10
(3,422 Views)

I have the Actiontec MI424WR-GEN3I router  Firmware: 40.21.24

I just ran the Nessus scanner to check the security of the router and it found a whole bunch of problems. 

Here is the list. Do you have a firmware upgrade to help with these issues?

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

SSL Certificate Cannot Be Trusted

SSL Certificate Signed Using Weak Hashing Algorithm

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

SSL Version 2 and 3 Protocol Detection

SSL Weak Cipher Suites Supported

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

UPnP Internet Gateway Device (IGD) Protocol Detection

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,910
Registered: ‎11-04-2008

Re: Security Vulnerabilities

Message 6 of 10
(3,346 Views)

Its not a cop out.

This is a peer to peer support forum.
Verizon does not respond to issues here.

When it comes to software updates to Verizon router, you have to talk to them directly.


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.

View solution in original post

9 REPLIES 9
Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,910
Registered: ‎11-04-2008

Re: Security Vulnerabilities

Message 2 of 10
(3,416 Views)

This is a peer to peer support forum.

You will need to contact support.

1800verizon or twitter @verizonsupport.


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
Highlighted
Contributor
Contributor
Posts: 5
Registered: ‎07-13-2017

Re: Security Vulnerabilities

Message 3 of 10
(3,393 Views)

That's a cop out. "Talk to someone else." Not solved. No kudos.

Highlighted
Contributor
Contributor
Posts: 5
Registered: ‎07-13-2017

Verizon does not care about your security

Message 4 of 10
(3,398 Views)

After explaining that my Actiontec MI424WR-GEN3I router has many vulnerabilities, the response from Verizon Support is: "You have reached Verizon Technical Support. You can continue to use our router or your own.^NHP"

 

"We give you a router. Just don't expect it to be secure."

Highlighted
Platinum Contributor I
Platinum Contributor I
Posts: 5,123
Registered: ‎10-18-2016

Re: Verizon does not care about your security

Message 5 of 10
(3,375 Views)

@sullivan wrote:

After explaining that my Actiontec MI424WR-GEN3I router has many vulnerabilities, the response from Verizon Support is: "You have reached Verizon Technical Support. You can continue to use our router or your own.^NHP"

 

"We give you a router. Just don't expect it to be secure."


Technically they give nothing for free. The update to your router sent out by Verizon Fios and even cable companies should secure it from OUTSIDE ATTACKS just like Netgear and Belkin and Asus had done via a firmware update. 

You may see your own network which is normal.

go to http://www.grc.com and take the shields up test by Gibson Research.

 

 

 

 

 

Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,910
Registered: ‎11-04-2008

Re: Security Vulnerabilities

Message 6 of 10
(3,347 Views)

Its not a cop out.

This is a peer to peer support forum.
Verizon does not respond to issues here.

When it comes to software updates to Verizon router, you have to talk to them directly.


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.

View solution in original post

Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 4,437
Registered: ‎12-16-2012

Re: Security Vulnerabilities

Message 7 of 10
(3,333 Views)

Not familiar with the nessus scanner.  Is it reporting these vulnerbilities against your WAN (external access) or internal.

 

Be sure to turn off external router admin (in the advanced options).  Should be off by default.

 

 

Yes the internal ssl option to the router admin page(which most don't even turn on) is using weak certificates and most of other things you mentioned.  If do have wan admin off most of the problems mentioned don't matter.  Also the PnP options can be turned off.  If you can't find the page (they hid it awhile back) its at http://192.168.1.1/index.cgi?active%5fpage=900 (logon first).

 

Remember you are asking peers here.  Not Verizon Support.

Highlighted
Contributor
Contributor
Posts: 5
Registered: ‎07-13-2017

Re: Security Vulnerabilities

Message 8 of 10
(3,303 Views)

Apologies. Thought you were saying that you only dealt with P2P networking issues. I thought I was dealing with Verizon. The fact that peers have more information than Verizon is not surprising. I suppose I had a hard time wrapping my head around the fact that Verizon is so useless. You guys are performing a much needed service. I did turn off the PnP, so that's an improvement. Ultimately I'm buying a new router. It doesn't answer the much larger question of why Verizon is putting insecure routers in people's homes in the first place, and most people don't know. There's essentially a bunch of backdoors into your network. What's additionally surprising is that if you do a search for secure routers, there's very few websites that even deal with the issue. Tons of pages on all the different types of routers, not much on security. That's troubling. 

Highlighted
Contributor
Contributor
Posts: 5
Registered: ‎07-13-2017

Re: Verizon does not care about your security

Message 9 of 10
(3,337 Views)

I think the key phrase there is "cable companies should secure it". There's a difference between giving nothing away for free and giving me a compromised router with backdoors. I appreciate your help.

Highlighted
Platinum Contributor I
Platinum Contributor I
Posts: 5,123
Registered: ‎10-18-2016

Re: Verizon does not care about your security

Message 10 of 10
(3,335 Views)

@sullivan wrote:

I think the key phrase there is "cable companies should secure it". There's a difference between giving nothing away for free and giving me a compromised router with backdoors. I appreciate your help.


I appreciate the thank you 😀

The world we live in today is in a very cautious state. And you can see why.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Covid19


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.