dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
39
share rss forum feed


no_fix_4U

@sbcglobal.net
reply to evad123

AT&T claims this is fixed???

So this story shows up on slashdot »tech.slashdot.org/tech/08/04/08/···14.shtml
and AT&T responds by claiming they've already fixed this problem for most all their users. But my 1701HG has 4.25.19 and it's still easily hijacked. It seems some of the 5.xx firmwares are fixed, but that doesn't work on older homeportals.

This exploit still works on my box:
http://192.168.1.254/xslt?PAGE=H04_POST&PASSWORD=admin&PASSWORD_CONF=admin
http://192.168.1.254/xslt?PAGE=A02_POST&PASSWORD=admin&THISPAGE=J38&NEXTPAGE=J38_SET&ADDR=127.0.0.1&NAME=ww.example.com
 

First URL sets my password without asking for confirmation. Second URL hijacks www.example.com to 127.0.0.1

So is AT&T just feeding us a line?


ctceo
Premium
join:2001-04-26
South Bend, IN
Reviews:
·Virgin Mobile Br..

3 edits

I'm running in the BETA pool 4.25.19 on a 1000HG

Exploit 1 brings up the "Page not Found" screen.
Exploit 2 brings up the "Enter the Password" Screen.

If your passwords were set to "admin", you'd definitely have a problem on your hands, and as for the first one if you have no password set, You might have an issue as this SETS your password to whatever the attacker wants. He's then free to run exploit #2 assuming that the host site used is ready for the embed.

I recommend that everyone who uses a vulnerable 2Wire SET A SYSTEM PASSWORD other than "admin". I use 5 letters & 5 Numbers caps & lowercase, no spaces or characters is ok.


sasparilla

join:2008-04-09
Round Lake, IL
reply to no_fix_4U

said by no_fix_4U :

So is AT&T just feeding us a line?
It definately makes me wonder if this just wasn't spin control on AT&T's part. Suposedly, 2Wire's/AT&T's fixes have been out in the wild for my 2701 for several days, but checking for a firmware update shows no updates available.

The v5.29.109.5 software on my AT&T 2701 (that I got this last week) is fully exploitable (just verified that the exploits work on it). (Supposedly another user's v5.29.109.11 is the fixed version)

Seems like spin control to me, at this point.


no_fix_4U

@sbcglobal.net
reply to ctceo

said by ctceo:

I'm running in the BETA pool 4.25.19 on a 1000HG

Exploit 1 brings up the "Page not Found" screen.
Exploit 2 brings up the "Enter the Password" Screen.

If your passwords were set to "admin", you'd definitely have a problem on your hands
So it sounds like there's a fixed beta 4.25.19 out there, or perhaps you have the UI hotfix that was mentioned. How did you get your beta version? My 4.25.19 is still vulnerable:

For me, the exploit works regardless of the password I have set. I've always had a strong password (8 characters, with numbers/punctuation), but the first exploit resets the password to "admin".

Apparently AT&T has not deployed the hotfix to me. Wish I could get updated - my 1701HG always tells me I have the latest version.


ctceo
Premium
join:2001-04-26
South Bend, IN
Reviews:
·Virgin Mobile Br..

I've been on several hundred BETA lists in the last 15 years, Games, Hardware, Software, MMO's, and I actually have to turn down some that I otherwise would love to participate in. As for the 2Wire, I was chosen based on a questionaire that I got when I subscribed for at&t DSL back in early 2000. Since then I've had the pleasure of being part of the test groups. For a couple models and about 2 or 3 firmwares, Including the latest 4.25.19 .

They've been hush hush about the vulnerability, so I'm sure based on that and my experience with other earlier problems that the hardware had, they're working on it. Due to that pretty pink sheet of paper that I have labeled Non-Disclosure Agreement blah blah, blah blah; in BOLD and UNDERLINE, I cannot comment any further.



yes_fix_4u

@sbcglobal.net
reply to no_fix_4U

It's a hotfix, not a firmware change. I have U-verse and they first pushed out a hotfix then they updated the firmware fixing some other things. look at your MDC page: »home/mdc at the bottom of the System Settings page and look for hotfix or uihotfix. My brother has normal adsl and he has the patch and I believe it says hotfix. Oh, he has a 2701(?) and the firmware didn't change, just a component was added.

»New Firmware for 3800 Series



no_fix_4me

@sbcglobal.net

U-verse isn't the universe

Ok, I understand that on a 2Wire forum, some fanboys will come out in defense, but it's foolish to claim that everything's hunky-dory because a very small subset - U-verse and a select few others - have the hotfix.

Yes, I've checked the MDC. I don't have the hotfix, my mother doesn't have it, and the neighbors I've checked with don't have it. Therefore a reasonable conclusion is that a large number of AT&T users remain unpatched.

I'm happy for you U-verse customers who have the fix, but the reality is that U-verse is new and represents the minority of users.



jr9730

join:2000-11-22
Torrance, CA

What version gateway do you have? The fix has hit a majority of ATT users at this time?



no_fix_4me

@sbcglobal.net

See above - from me and others who haven't been updated.



jr9730

join:2000-11-22
Torrance, CA

All older gateways should be almost done now too I think - send me a message and dont be anon so we can commuicate with you..