Bugtraq mailing list archives
Re: Security flaw in Telocity's "Gateway Modem"
From: Don Hammond <admin1 () TRADERSDATA COM>
Date: Wed, 21 Feb 2001 18:16:06 -0500
On 20 Feb, Kras Hish wrote: | Telocity provides DSL to their customers through what they call the Telocity | "Gateway Modem". | In the modems, you can connect to them through your web browser to view | usage statistics, your assigned IP, the DHCP server IP (Modems IP), | Management's IP (Modem's IP, different than the previous), DNS IP, and the | hardware software version information. | | In the older model modem, it is possible to remotely view the "Details" | section of the modem, thus reveling all the above mentioned information to a | possible intruder. Telocity has numbered their gateways in sequential | order, so it would be possible to write a script that would search for | http://123.123.123.1/stats in a range of addresses. Of course is the ever | interesting URL http://123.123.123.1/admin which prompts you for a | username/password combo to access what? (any information on this would be | great) | | [...] The router that came with my DSL service was delivered configured to provide admin login on the standard telnet and http ports on both the WAN and LAN sides. I don't know if that was standard factory configuration or if it was set up that way by my provider, but you could access the browser based configuration utility from the internet if you could come up with the password. The configuration options available through this interface are not nearly as complete as from the command-line interface (or presumably through the Windows software which I never installed), but potentially damaging nonetheless. Not to mention the full command-line interface could be accessed through a telnet session with the same password. When I called the provider to tell them I had turned off all WAN admin access, they were fine with that but wanted a signed waiver with me assuming responsibility since they could no longer manage the router remotely. I had no problem with that, but it makes one realize that probably all these types of devices delivered to home users/small business who expect [most] everything to be done for them, have similar WAN access enabled. Best guess is that's what you're seeing. Don Hammond
Current thread:
- Security flaw in Telocity's "Gateway Modem" Kras Hish (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Don Hammond (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Emre Yildirim (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Kras Hish (Feb 22)
- <Possible follow-ups>
- Re: Security flaw in Telocity's "Gateway Modem" Shane Youhouse (Feb 22)
- Re: Security flaw in Telocity's "Gateway Modem" bugtrax (Feb 23)