• Robin (unregistered)

    The best part of this is that at one point they used router.push('/') to navigate

    While leaving commented-out code in there is certainly part of this many-sided WTF, I wouldn't assume it's definitely "old code that has been replaced".

    I suspect it's more likely something a developer put in, and commented out, while debugging some issue. It certainly doesn't reflect well on code-review practices that this was left in (let's face it, this feels like the kind of product that doesn't do code reviews, or probably any testing except maybe some fully-manual, happy-path-only testing) - but it could have been worse, at least it got checkef in/deployed with the commented-out version!

  • (author) in reply to Robin

    100% possible, certainly.

  • Jason Stringify (unregistered)

    If only there was some easy way to find whether an array includes a particular character.

  • (nodebb)

    You can use all the fancy frameworks you want, but if you put bizarre HTML soup inside it then you'll end up with bizarre effects. The amazing thing is that no browser seems to have decided to delete one of the input boxes for daring to have the same ID as the other one, as a "malicious compliance" sort of thing.

  • (nodebb)

    Funny, my router doesn't show stars, it shows " hunter2 you"

  • Kelly Hrdina (unregistered)

    This type of flaky behavior with the password field reminds me of the old fios router that I recently replaced. On that one, the number of asterisks I would see on-screen would vary each time I typed a character. IIRC cut & paste actually worked better than just typing.

  • (nodebb)

    " the number of asterisks I would see on-screen would vary each time I typed a character." Lotus Notes did that as well, but they billed it as a security feature since then someone looking over your should can't tell how many characters are in your password.

    Addendum 2026-02-04 12:45: "shoulder"

  • (nodebb) in reply to n9ds

    I suspect that Lotus Notes varied the number of asterisks because the PLATO system, which inspired the developer of Lotus Notes, varied the number of X characters displayed for each keypress during password entry.

  • (nodebb) in reply to cellocgw

    it shows " hunter2 you"

    Hey, that's my DailyWTF password!

  • (nodebb)

    the router control interfaces for commodity routers are often written by the same networking engineers who are writing the network stack

    I seriously doubt that. I know a few network engineers who would laugh at their manager's face rather then write a frontend, in JavaScript even less so! More likely the web UI was initially written by whoever intern happened to be around. At worse it was actually written by some graphic designer who thinks he can code.

  • DrPepper (unregistered)

    It surprises me how many times an employer (or client, in my case, since I'm a consultant) prefers a full-stack developer over a dedicated front-end dev. There is so much specialized knowledge required to properly produce a front-end application; and an equal amount of deep knowledge required to properly produce a back end, that you just can't get (unless you're really lucky) from a full-stack dev.

  • (nodebb) in reply to DrPepper

    As a full-stack developer for the last 17+ years, I cannot find any point to disagree with in your post. I would bet a month's salary (gross) that a good front-end specialist could improve my code in at least five different ways their first day.

  • xtal256 (unregistered)

    I had a similar problem where I was unable to change the password on my father's new router. While the UI said the password should contain one of each special character (i.e. one of *, #, $, etc) the regex in the JavaScript was essentially expecting each character to be every one of those characters. Since that would never pass, it did not accept anything I gave it and I had to instead keep the default password.

  • Sites Trends (unregistered) in reply to Robin

    https:// sitesfortrends.com

    Launch a Startup Website in Under a Week

    Professional website templates built for startups and SaaS products. Fast-loading, SEO-optimized HTML templates designed to help founders launch quickly.

  • (nodebb) in reply to xtal256

    the regex in the JavaScript was essentially expecting each character to be every one of those characters

    . . . where the Q in "QA" stands for Quick.

  • Greg (unregistered)

    Yet another example of a hardware company that seems to consider software as a necessary evil and puts in the least possible effort to ship something that more or less works...

  • StarLite (unregistered)

    I recognized this exact behavior from my router (Zyxel VMG8825-T50) I checked, and lo and behold; this exact code showed up in my devTools... It's super annoying that my browser and password manager won't autofill the password.

    Also, every time I go to the admin page, I get a big red browser warning saying the certificate is not valid and I must click the 'proceed anyways' button.

    The web UI for this thing is an absolute monstrosity indeed.

  • Officer Johnny Holzkopf (unregistered)

    The document.onkeydown event handler seems to be missing something. Shouldn't there be a "event.preventDefault();" before any programmed action?

  • Álvaro González (github)

    My TP-Link router locks you out if you change the default password and there's something in the new password that it doesn't like. I don't know exactly if it's non A-Z chars, or being too long. After having to factory reset after each failure, my curiosity diminished and I settled for an easy to guess password.

  • (nodebb) in reply to Remy Porter

    100% possible, certainly.

    Surely it's either possible or not possible? Why put a percentage? What does it even mean to to say something g is 23% possible?

Leave a comment on “This Router Says **** You”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article