[plug] [cert-advisory at cert.org: CERT Advisory CA-2001-08]
Jason Nicholls
jason at mindsocket.com.au
Wed Apr 11 12:19:27 WST 2001
On Wed, Apr 11, 2001 at 11:49:23AM +0800, Matt Kemner wrote:
> On Wed, 11 Apr 2001, Simon Scott wrote:
>
> > What are they saying, that it is easy to get the 'challenge string'
> > and from it determine the password, and therefore someone online could enter
> > some low-level troubleshooting mode???
>
> There's a few other things they can do, but I would say the fact anyone
> can replace the firmware with anything they like is probably about as bad
> as it gets.

I agree.

Now I didn't know this modem had all this admin functionality. The modem box
included a single A4 sheet of paper with items like 'do not submerge in
water'.

If you're interested in taking a look and you're using rp-pppoe then do the
following (assuming eth1 is the eth interface connected to the modem):

1. Set up the eth1 interface to use an IP address in the 10.0.0.x range
   _except_ for 10.0.0.138, 'cause that's the modem (default).
2. Take down the interface and bring it back up (yes, the ADSL connection will
   still remain, minus the down/up period).
3. Head to your web browser and access http://10.0.0.138/

NOTE: I think this is the only way for the exploit to work, i.e. the local
interface connecting the ADSL modem is up (plus some other probs). So perhaps
bring down eth1 after and remove the IP settings when you're done.

Later,
Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls icq: 11745841 email: <jason at mindsocket.com.au>
Proprietor mobile: 0417 410 811
Mind Socket [web services] http://www.mindsocket.com.au/
--------------------------------------------------------------------