reply to ctceo
Re: AT&T claims this is fixed???
said by ctceo: So it sounds like there's a fixed beta 4.25.19 out there, or perhaps you have the UI hotfix that was mentioned. How did you get your beta version? My 4.25.19 is still vulnerable:
I'm running in the BETA pool 4.25.19 on a 1000HG
Exploit 1 brings up the "Page not Found" screen.
Exploit 2 brings up the "Enter the Password" Screen.
If your passwords were set to "admin", you'd definitely have a problem on your hands.
For me, the exploit works regardless of the password I have set. I've always had a strong password (8 characters, with numbers/punctuation), but the first exploit resets the password to "admin".
Apparently AT&T has not deployed the hotfix to me. Wish I could get updated - my 1701HG always tells me I have the latest version.
South Bend, IN
I've been on several hundred BETA lists in the last 15 years, Games, Hardware, Software, MMOs, and I actually have to turn down some that I otherwise would love to participate in. As for the 2Wire, I was chosen based on a questionnaire that I got when I subscribed for at&t DSL back in early 2000. Since then I've had the pleasure of being part of the test groups for a couple of models and about 2 or 3 firmwares, including the latest 4.25.19.
They've been hush-hush about the vulnerability, so I'm sure based on that and my experience with other earlier problems that the hardware had, they're working on it. Due to that pretty pink sheet of paper that I have labeled Non-Disclosure Agreement blah blah, blah blah; in BOLD and UNDERLINE, I cannot comment any further.
reply to no_fix_4U
It's a hotfix, not a firmware change. I have U-verse and they first pushed out a hotfix, then they updated the firmware, fixing some other things. Look at your MDC page: »home/mdc at the bottom of the System Settings page and look for hotfix or uihotfix. My brother has normal ADSL and he has the patch, and I believe it says hotfix. Oh, he has a 2701(?) and the firmware didn't change, just a component was added.
»New Firmware for 3800 Series
U-verse isn't the universe
OK, I understand that on a 2Wire forum, some fanboys will come out in defense, but it's foolish to claim that everything's hunky-dory because a very small subset - U-verse and a select few others - have the hotfix.
Yes, I've checked the MDC. I don't have the hotfix, my mother doesn't have it, and the neighbors I've checked with don't have it. Therefore a reasonable conclusion is that a large number of AT&T users remain unpatched.
I'm happy for you U-verse customers who have the fix, but the reality is that U-verse is new and represents the minority of users.
What version gateway do you have? The fix has hit a majority of ATT users at this time?
See above - from me and others who haven't been updated.
All older gateways should be almost done now too, I think - send me a message and don't be anon so we can communicate with you.