Bugtraq mailing list archives
Re: Security flaw in Telocity's "Gateway Modem"
From: Shane Youhouse <Shane.Youhouse () GOODMANMFG COM>
Date: Thu, 22 Feb 2001 08:03:56 -0600
On Tuesday 20 February 2001 18:29 US Central Time, Kras Hish wrote:

> > Telocity provides DSL to their customers through what they call the Telocity "Gateway Modem". In the modems, you can connect to them through your web browser to view usage statistics, your assigned IP, the DHCP server IP (Modem's IP), Management's IP (Modem's IP, different than the previous), DNS IP, and the hardware software version information. In the older model modem, it is possible to remotely view the "Details" section of the modem, thus revealing all the above mentioned information to a possible intruder. Telocity has numbered their gateways in sequential order, so it would be possible to write a script that would search for http://123.123.123.1/stats in a range of addresses. Of course is the ever interesting URL http://123.123.123.1/admin which prompts you for a username/password combo to access what? (any information on this would be great)
>
> How is this a "security flaw"?

Anything that gives out information about the network is a security flaw, unless you explicitly allow it.

> It displays your connection's status as well as hardware information of your DSL modem.

And you don't see a problem with that? Find an exploit (SNMP, buffer overflow, etc.) that will exploit that model router. Gee, now isn't it nice that a simple shellscript will show you everything about that particular router on a complete subnet? Seems that would allow a hax0r to find out, exploit, and possibly find passwords for other datacomm / root / administrator accounts. (We all know how many people REALLY follow the password rules, never reuse, never duplicate, etc.)

> This is really useful, especially if you run a server off your Telocity DSL line. It lets you check on your connection remotely, so you can check status of your DSL from anywhere.

If you run a server off the DSL line, what is wrong with typing www.thisismyaddress.com to check the status? Nothing comes up, it's down. If you get a page, it's up. With no security risk.

> I think this is a feature, rather than a bug.

You define features a la Microsoft.

Toll_Free