|reply to Oligarchy |
Re: 2Wire Cross Site Request Forgery Vulnerability
I just thought that I would update this. AT&T has released a new firmware upgrade for the 3800 series 2wire RG that their U-verse service uses. It requires that a password always be set, and that the current password be known/entered to change it. They have also completely removed the DNS resolve page from the MDC. They released a UI hotfix not too long ago that made the H04 page unable to change the password, but this new firmware upgrade has deleted the UI hotfix as it has not only fixed what I mentioned above, but it has also removed the H04 password change page completely.