Router - to whitelist or not?

Ask for help about NoScript, no registration needed to post
Post Reply
RouterNovice

Router - to whitelist or not?

Post by RouterNovice »

The router here needs JS for its web ui menus. Until now, I've whitelisted it.
With the recent publicity given to various holes in router modules etc, including on your own blog, is it possible for these scripting capabilities in the router to be subverted for other than UI operation - say if a router is getting run remotely after being hacked?
I am probably answering my own question but what would I know? Would it be wiser to only allow JS on-the-fly when accessing the router via its web interface?
thanks in advance for advice and for NoScript/ABE, which rocks :-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6
Top
User avatar
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Router - to whitelist or not?

Post by therube »

I Temporarily Allow my router when I need to access it.
Otherwise, it is blocked.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: Router - to whitelist or not?

Post by Giorgio Maone »

As long as ABE and its SYSTEM rules are enabled, there's no risk in keeping JS enabled in your router -- aside malicious firmware updates, but at that point you'd have a much bigger problem ;) -- because any cross-site attack from an internet web page gets blocked by ABE.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Top
Post Reply

Return to “NoScript Support”