|reply to jandar1 |
Re: 2Wire Cross Site Request Forgery Vulnerability
said by jandar1:This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.
With a system password set, none of those exploits work. It always prompts me to enter my current pass. Simple enough fix.
If I go to "View Available System Upgrades" on my AT&T/2Wire 2701HG-B, which has never been updated since it came from AT&T, it shows none available....Software version is 188.8.131.52. :-(
So, while a fix is supposedly out there, its apparantly not out there for everyone yet.
said by sasparilla:AT&T claims they've already rolled it out to the majority of its customers. »tech.slashdot.org/tech/08/04/08/···14.shtml
This sounds nice but 2Wire/AT&T must be rolling it out slowly - its apparantly only available to some people so far.
None of this helps us poor HomePortal 1xxx users, since we can't use 5.xx firmwares. No update for us, it seems. My 1701HG remains very hackable. »AT&T claims this is fixed???
|reply to sasparilla |
Note that the fix may not be in the form of a firmware upgrade. AT&T first fixed this issue on the 3800 series with a UI Hotfix that got applied. The firmware upgrade included the hotfix in it's code so the hotfix was no longer needed.
It might take awhile, but at least they are trying.