mailing list archives
Re: Security flaw in Telocity's "Gateway Modem"
From: Don Hammond <admin1 () TRADERSDATA COM>
Date: Wed, 21 Feb 2001 18:16:06 -0500
On 20 Feb, Kras Hish wrote:
| Telocity provides DSL to their customers through what they call the Telocity
| "Gateway Modem".
| In the modems, you can connect to them through your web browser to view
| usage statistics, your assigned IP, the DHCP server IP (Modems IP),
| Management's IP (Modem's IP, different than the previous), DNS IP, and the
| hardware software version information.
| In the older model modem, it is possible to remotely view the "Details"
| section of the modem, thus reveling all the above mentioned information to a
| possible intruder. Telocity has numbered their gateways in sequential
| order, so it would be possible to write a script that would search for
| http://126.96.36.199/stats in a range of addresses. Of course is the ever
| interesting URL http://188.8.131.52/admin which prompts you for a
| username/password combo to access what? (any information on this would be
The router that came with my DSL service was delivered configured to
provide admin login on the standard telnet and http ports on both the
WAN and LAN sides. I don't know if that was standard factory
configuration or if it was set up that way by my provider, but you could
access the browser based configuration utility from the internet if you
could come up with the password. The configuration options available
through this interface are not nearly as complete as from the
command-line interface (or presumably through the Windows software
which I never installed), but potentially damaging nonetheless. Not to
mention the full command-line interface could be accessed through a
telnet session with the same password.
When I called the provider to tell them I had turned off all WAN admin
access, they were fine with that but wanted a signed waiver with me
assuming responsibility since they could no longer manage the router
remotely. I had no problem with that, but it makes one realize that
probably all these types of devices delivered to home users/small
business who expect [most] everything to be done for them, have similar
WAN access enabled. Best guess is that's what you're seeing.