Bugtraq mailing list archives

RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability


From: Johan Kölhi (EAB) <Johan.Kolhi () etx ericsson se>
Date: Wed, 19 Feb 2003 11:52:59 +0100

Hi all,

Ericsson is working on this issue now. A solution for this problem is on the way; we will come back with more
information on this next week.

Best regards,

Johan Kölhi
Ericsson Broadband Access


-----Original Message-----
From: Fredrik Björk [mailto:Fredrik.Bjork.List () varbergenergi se]
Sent: den 13 februari 2003 10:17
To: bugtraq () securityfocus com
Subject: Re: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability


At 08:37 2003-02-11 +0100, you wrote:
Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
Discussion:
Ericsson HM220dp is a small office environment ADSL modem, distributed
by many carriers, such as Telecom Italia, to thousands of users.
It may be administered remotely through a number of mechanisms,
including a web based interface.
Unfortunately, the web interface does not require authentication
and does not give the possibility to require it.
Unauthorized users accessing the web pages may perform a variety of 
malicious actions.
By the way, Ericsson forced the modem into "Bridged" mode with a modified
firmware, so the web administration page cannot be accessed from the
Internet but "just" from any user on the LAN.
It is possible that other products of the same series share this
vulnerability.

Not according to my contacts at Ericsson. The vulnerability is limited to 
one batch of 6000 modems delivered to the Italian market, which is bad 
enough! The entire 220 series was discontinued in 2001.

Solution:
Ericsson was contacted months ago but is still not providing an
updated firmware version that could prevent the problem, ignoring it.

If Ericsson is completely ignoring this issue, it is not good! However, it 
seems that they have provided an upgrade to limit unauthenticated access to 
the LAN side of the modem, which could be considered an acceptable solution.

/Fredrik
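A LAN-side check for the class of problem the advisory describes (an admin page served with no authentication at all), as an added example that is not part of the original thread and not Ericsson's firmware or device code. It probes the web interface without credentials and reports whether the page is simply served, a 401/WWW-Authenticate challenge or login redirect comes back, or something else. The admin path "/" and the two local stand-in servers (one that serves the page to anyone, one that demands HTTP Basic credentials) are assumptions constructed for the demo; in practice you would point probe_admin at the modem's LAN address, and, since the bridged firmware keeps the page off the Internet, you have to run it from the LAN side.

```python
"""Probe a device's HTTP admin interface and classify how it answers an
unauthenticated GET. Added example; the path '/' and the stand-in
servers below are assumptions, not the real modem."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ADMIN_PATH = "/"  # assumption: the thread does not name the modem's admin URL


def classify(status, www_authenticate, location):
    """Classify one credential-less GET of the admin page.

    'open'          : page served (200) without any credentials
    'auth-required' : 401 with a WWW-Authenticate challenge, or a
                      redirect to a login page
    'other'         : anything else; inspect by hand (a cookie-based
                      login form, for instance, is not detected here)
    """
    if status == 401 and www_authenticate:
        return "auth-required"
    if status in (301, 302, 303, 307, 308) and "login" in (location or "").lower():
        return "auth-required"
    if status == 200:
        return "open"
    return "other"


def probe_admin(host, port, path=ADMIN_PATH, timeout=5.0):
    """GET the admin page with no credentials and classify the reply.

    Run this from the LAN side: on the bridged firmware the page is
    not reachable from the Internet at all.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return classify(resp.status,
                        resp.getheader("WWW-Authenticate"),
                        resp.getheader("Location"))
    except OSError:  # refused, timed out, reset
        return "other"
    finally:
        conn.close()


# --- constructed stand-ins for the two behaviours (not real device code) ---

class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo silent
        pass


class OpenAdmin(_Quiet):
    """Serves the admin page to anyone, like the affected firmware."""
    def do_GET(self):
        body = b"<html><title>ADSL modem setup</title></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class BasicAuthAdmin(_Quiet):
    """Demands HTTP Basic credentials before serving anything."""
    def do_GET(self):
        if self.headers.get("Authorization"):
            body = b"<html>admin</html>"
            self.send_response(200)
        else:
            body = b"Authentication required"
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="modem"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def _serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: OS picks a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Probe both stand-ins; returns {'open': ..., 'fixed': ...}."""
    results = {}
    for name, handler in (("open", OpenAdmin), ("fixed", BasicAuthAdmin)):
        srv = _serve(handler)
        try:
            results[name] = probe_admin("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())  # {'open': 'open', 'fixed': 'auth-required'}
```

An "open" result only says the page is served without credentials; it does not show what can be changed through it, so follow up by looking at the page itself. An "other" result is not a clean bill of health either: an interface that gates access with a cookie-based login form, or one listening on a non-standard port, needs a manual look.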

