Enabling remote access to Asmax AR1004g router

To access your Asmax AR1004g router remotely (i.e. from WAN / Internet side, not from your local network), you have to remember about two things. Because I nearly always forget about one of these things (or about both in the same time), I wrote this simple memo-post as a reminder to myself.

In this post you may also learn how stupid are Asmax engineers and designers.

First thing is, of course, to enable remote access to your router:

  1. Login to router from local network.
  2. Go to Management > Access Control > Services.
  3. Enable (check) at least HTTP in WAN column.
  4. Click Save/Apply.

Your changes should occur immediately, without need of restarting the router.

This is a bit strange approach. Most routers has a specific checkbox saying precisely Enable remote access to this device. Many users may be surprised to find out, how to enable remote access on AR1004g.

Second thing to remember, is that you must login remotely as support user only. There is no chance, you can login as admin. Due to security issues (official statement) or poorly written firmware (my theory), you’ll be informed that your password is incorrect, when you try to login remotely as admin, even if it actually is correct.

Change password for admin, support and guest in Management > Access Control > Passwords.

If you don’t want to ruin your good looking day, don’t look at this page’s source. If you do this, you’ll notice that password verification is done entirely on client side (Javascript) and that all your three passwords are clearly visible as open text in page’s source.

This is a real drama! I can’t find words enough powerful to blame Asmax stupidity! In 2012 they’re selling router, which firmware is violating basic concepts of security defined decades ago!

Leave a Reply