Security Vulnerabilities

sullivan2

I have the Actiontec MI424WR-GEN3I router Firmware: 40.21.24

I just ran the Nessus scanner to check the security of the router and it found a whole bunch of problems.

Here is the list. Do you have a firmware upgrade to help with these issues?

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

SSL Certificate Cannot Be Trusted

SSL Certificate Signed Using Weak Hashing Algorithm

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

SSL Version 2 and 3 Protocol Detection

SSL Weak Cipher Suites Supported

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

UPnP Internet Gateway Device (IGD) Protocol Detection

Accepted answers

CRobGauth

Its not a cop out.

This is a peer to peer support forum.
Verizon does not respond to issues here.

When it comes to software updates to Verizon router, you have to talk to them directly.

All comments

CRobGauth

This is a peer to peer support forum.

You will need to contact support.

1800verizon or twitter @verizonsupport.

sullivan2

That's a cop out. "Talk to someone else." Not solved. No kudos.

sullivan2

After explaining that my Actiontec MI424WR-GEN3I router has many vulnerabilities, the response from Verizon Support is: "You have reached Verizon Technical Support. You can continue to use our router or your own.^NHP"

"We give you a router. Just don't expect it to be secure."

jonjones1

@sullivan wrote:
After explaining that my Actiontec MI424WR-GEN3I router has many vulnerabilities, the response from Verizon Support is: "You have reached Verizon Technical Support. You can continue to use our router or your own.^NHP"
"We give you a router. Just don't expect it to be secure."

Technically they give nothing for free. The update to your router sent out by Verizon Fios and even cable companies should secure it from OUTSIDE ATTACKS just like Netgear and Belkin and Asus had done via a firmware update.

You may see your own network which is normal.

go to http://www.grc.com and take the shields up test by Gibson Research.

CRobGauth

Its not a cop out.

This is a peer to peer support forum.
Verizon does not respond to issues here.

When it comes to software updates to Verizon router, you have to talk to them directly.

tns2

Not familiar with the nessus scanner. Is it reporting these vulnerbilities against your WAN (external access) or internal.

Be sure to turn off external router admin (in the advanced options). Should be off by default.

Yes the internal ssl option to the router admin page(which most don't even turn on) is using weak certificates and most of other things you mentioned. If do have wan admin off most of the problems mentioned don't matter. Also the PnP options can be turned off. If you can't find the page (they hid it awhile back) its at http://192.168.1.1/index.cgi?active%5fpage=900 (logon first).

Remember you are asking peers here. Not Verizon Support.

sullivan2

Apologies. Thought you were saying that you only dealt with P2P networking issues. I thought I was dealing with Verizon. The fact that peers have more information than Verizon is not surprising. I suppose I had a hard time wrapping my head around the fact that Verizon is so useless. You guys are performing a much needed service. I did turn off the PnP, so that's an improvement. Ultimately I'm buying a new router. It doesn't answer the much larger question of why Verizon is putting insecure routers in people's homes in the first place, and most people don't know. There's essentially a bunch of backdoors into your network. What's additionally surprising is that if you do a search for secure routers, there's very few websites that even deal with the issue. Tons of pages on all the different types of routers, not much on security. That's troubling.

sullivan2

I think the key phrase there is "cable companies should secure it". There's a difference between giving nothing away for free and giving me a compromised router with backdoors. I appreciate your help.

jonjones1

@sullivan wrote:
I think the key phrase there is "cable companies should secure it". There's a difference between giving nothing away for free and giving me a compromised router with backdoors. I appreciate your help.

I appreciate the thank you 😀

The world we live in today is in a very cautious state. And you can see why.