Question

The router should block not successfull login attemps after 5 times (fail count is set to 5). In the event log you can the these attemps but the device is not blocked. I looks like you have unlimited password attemps.

The device is added to the blocked adresses list but you can still try new passwords. I can enter 50 wrong passwords and then the correct password. Login works.....

In this scenario the router is vulnerable for bruteforce attacks.

Can anyone confirm?

Answer 1

Hello,

I did some tests but I couldn't reproduce the same results. Can you share some more info on this case?

1. Can you share more information on your testing method? It seems you are connecting from HTTPS WAN, but the IP address is private. Does it mean that you're using wired WAN or is this a private mobile network? I've tested most scenarios (HTTP, HTTPS, remote and local connections plus again after reboots and config changes) but the blocking works as expected every time.
2. Do you know which FW version was previously installed on the device? Did you upgrade to the current version with the 'Keep all settings' option ticked?
3. Can you try the same thing after doing a factory reset? And if it still happens, can you download a Troubleshoot file from the System → Administration → Troubleshoot page and send it to me via private message?
4. Can you remember if you made any other changes to Access Control or other router configurations before you encountered this issue? What were these changes?

Comments

Yes, I upgraded the FW with the "keep all settings" option. I think this was part of the problem. After a full reset of device everything works fine!

Thanks for your help!