What do you use as a separate AP? My cursory searching indicates there exist enterprise-grade APs requiring a controller device, overkill for my apartment, or I use your standard bestbuy device like we're wanting to be avoiding in this thread.
Most consumer routers actually work fairly well as APs. Once you've turned off all the routing functionality, which are the most complex and resource intensive bits, they seems to actually be pretty stable. I'm currently using an Asus RT-AC66U, which is complete overkill, but I wanted reliable AC wifi and it was the best option at the time. Prior to that I was using an Asus EA-N66R AP.
As for how this relates to the exploit discussed here, your only using it as an AP, you'll very rarely need to login after the first setup since it really isn't doing much, just Wifi <-> Ethernet bridging. If using a consumer router the WAN port isn't connected to anything, no outside access to worry about (unless you did some funky forwarding on the pfsense box). You should also disable management via Wifi. That limits any access to a wired connection to the network, meaning someone is already in your apartment to physically patch in with an ethernet cable. Any security bets are off at that point. If you want super extra special security you can setup firewall rules on the pfsense box that only make the AP's IP address accessible from a particular port.
As dumb as this exploit is on the part of netgear, remember that to exploit it the attacker had to have already broken the WPA2 security to access the wifi or physically plugged in with ethernet. The first vector can be avoided by simply turning off management via wifi.
As dumb as this exploit is on the part of netgear, remember that to exploit it the attacker had to have already broken the WPA2 security to access the wifi or physically plugged in with ethernet. The first vector can be avoided by simply turning off management via wifi.
Or accessed your router internally via JavaScript, img tag, or iframe hidden on a malicious or compromised page. XSRF is real.
Edit: granted, browsers limit what JavaScript can do across sites, but request-only access is enough to change DNS settings to something malicious, and if the attacker can inject unescaped content into the page in some way, then they can run JavaScript on the router page and send data back that way.
Edit2: I'm not certain, but I think the timing of image load events could be used to determine success/failure of router actions loaded through a hidden img tag.
You could use a Ubiquity Unifi. They're cheap ( US $69 ) and the control software is only needed to provision them (so long as you're willing to forgo the guest wifi captive portal feature - if you want that then you have to run the control software full time.)
I recently got a Unifi and I'm pretty happy with it. It's somewhere between enterprise and consumer-grade, with an administration interface and reliability / performance leaning towards the enterprise side, and price leaning towards consumer-grade :)
