site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Equipment Support > Hardware By Brand > 2Wire > 2Wire Cross Site Request Forgery Vulnerability

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Read the FAQs! ·Need Help? ·2W Home Page ·2W Support Page
AuthorAll Replies

jandar1

join:2006-01-16
Middleburg, FL

reply to Oligarchy

Re: 2Wire Cross Site Request Forgery Vulnerability

2Wire 2701HG-B
Software: 5.29.109.11

With a system password set, none of those exploits work. It always prompts me to enter my current pass.

Simple enough fix.
to forum · permalink · 2008-04-08 19:10:51 ·

sasparilla

join:2008-04-09
Round Lake, IL

said by jandar1:

2Wire 2701HG-B
Software: 5.29.109.11
With a system password set, none of those exploits work. It always prompts me to enter my current pass. Simple enough fix.
This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.

If I go to "View Available System Upgrades" on my AT&T/2Wire 2701HG-B, which has never been updated since it came from AT&T, it shows none available....Software version is 5.29.109.5. :-(

So, while a fix is supposedly out there, its apparantly not out there for everyone yet.
to forum · permalink · 2008-04-09 14:21:30 ·


left_out

@sbcglobal.net

said by sasparilla:

This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.
AT&T claims they've already rolled it out to the majority of its customers. »tech.slashdot.org/tech/08/04/08/···14.shtml

None of this helps us poor HomePortal 1xxx users, since we can't use 5.xx firmwares. No update for us, it seems. My 1701HG remains very hackable. »AT&T claims this is fixed???
to forum · permalink · 2008-04-09 15:51:22 ·


koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY
1 edit

reply to sasparilla
Note that the fix may not be in the form of a firmware upgrade. AT&T first fixed this issue on the 3800 series with a UI Hotfix that got applied. The firmware upgrade included the hotfix in it's code so the hotfix was no longer needed.

It might take awhile, but at least they are trying.

to forum · permalink · 2008-04-09 16:15:06 ·

sasparilla

join:2008-04-09
Round Lake, IL
1 edit

reply to jandar1

said by jandar1:

2Wire 2701HG-B
Software: 5.29.109.11
With a system password set, none of those exploits work. It always prompts me to enter my current pass.
Hey Jandar, as an interested owner of another 2701GH-B that is susceptible to the exploits (got the 2701 from AT&T this week, v5.29.109.5), how did you get the updated firware?

As my 2701 is telling me no updates available when checking for firmware updates. And AT&T support site and 2Wire website do not have updates listed either.

Scott
to forum · permalink · 2008-04-10 18:40:20 ·
Forums > Equipment Support > Hardware By Brand > 2Wire

Tuesday, 21-May 17:49:34 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics