This also means if the web browser is closed, there is a 5 minute window for someone else to access the computer, and subsequently the router, without needing the router's password.
Essentially, logging in to the router's web interface with a browser grants unauthenticated access from that computer's IP address for a default of 5 minutes, or until the logout link is clicked. As I understand it, this differs from "normal" router behaviour.
I wonder what people's thoughts on this are. It seems to represent a cross-site scripting vulnerability, or a router security vulnerability where a PC is sited in a shared PC environment?
Edited by Oliver341 (Mon 16-Jul-12 18:12:33)