Folks who used the web administration functionality directly from the unit should take note and take care not access from an unsecured location.
I recently reported to Securifi that the password to the device is visible in clear while using the web console. Given that the web console is LAN based and you are not likely to access it regularly it should mitigate the impact of the issue. The router is your gate to your house in networking context and hence it is a serious issue.
I would like to remind and warn users to:
1) only access the console when needed
2) Over a secured physical lan connection, if possible. Never do it over a open wifi connection.
3) Use VPN where possible.
4) Change password regularly until the issue is fixed.
The password can be lifted using a package sniffer (Wireshark etc) and might be visible within a proxy server if the information does pass through one.
I like to take the opportunity to raise this awareness to the community and also to request for an update of the next firmware release. Perhaps implementation of 2 factor authentication using the google authenticator would be nice. But at a minimum https for web console using self signed cert is required. This is a standard features for all the commercial consumer routers/access points I have used.
Hope we can have a release soon
