dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2
share rss forum feed


koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY
reply to Oligarchy

Re: 2Wire Cross Site Request Forgery Vulnerability

I have done this on my 2wire 3800HGV-B with firmware version 5.29.105.76 and it works. There is more that can be done than just changing the password and maybe adding a DNS redirect in the resolve page. I have been able to figure out the URL commands using the POST and SET pages to control almost every setting of the RG.

Great tips on how to secure yourself though, but still, the general population isn't going to want to or really know how to do that.

Oligarchy

join:2008-02-12
San Diego, CA
said by "kookid1563" :
I have done this on my 2wire 3800HGV-B with firmware version 5.29.105.76 and it works. There is more that can be done than just changing the password and maybe adding a DNS redirect in the resolve page. I have been able to figure out the URL commands using the POST and SET pages to control almost every setting of the RG.
agreed. you can change the wireless settings (SSID, change to WEP OR WPA or unsecured, or jsut change the passphrase for each) , change firewall settings, disable interfaces, reboot, etc. There's many hidden pages that you can't find through the interface if you just go up sequentially through the A, H, J, etcetera pages.