dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
24
sasparilla
join:2008-04-09
Round Lake, IL

sasparilla to jandar1

Member

to jandar1

Re: 2Wire Cross Site Request Forgery Vulnerability

said by jandar1:

2Wire 2701HG-B
Software: 5.29.109.11
With a system password set, none of those exploits work. It always prompts me to enter my current pass. Simple enough fix.
This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.

If I go to "View Available System Upgrades" on my AT&T/2Wire 2701HG-B, which has never been updated since it came from AT&T, it shows none available....Software version is 5.29.109.5. :-(

So, while a fix is supposedly out there, its apparantly not out there for everyone yet.

left_out
@sbcglobal.net

left_out

Anon

said by sasparilla:

This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.
AT&T claims they've already rolled it out to the majority of its customers. »tech.slashdot.org/tech/0 ··· 14.shtml

None of this helps us poor HomePortal 1xxx users, since we can't use 5.xx firmwares. No update for us, it seems. My 1701HG remains very hackable. »AT&T claims this is fixed???

koolkid1563
MVM
join:2005-11-06
Powell, WY
MikroTik CCR1036-8G-2S+
MikroTik hAP AC

1 edit

koolkid1563 to sasparilla

MVM

to sasparilla
Note that the fix may not be in the form of a firmware upgrade. AT&T first fixed this issue on the 3800 series with a UI Hotfix that got applied. The firmware upgrade included the hotfix in it's code so the hotfix was no longer needed.

It might take awhile, but at least they are trying.