[19328] in bugtraq


Re: Security flaw in Telocity's "Gateway Modem"

daemon@ATHENA.MIT.EDU (Shane Youhouse)
Thu Feb 22 13:09:50 2001

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID:  <0315D0456448D4119BA80040F674F1B3428265@EXCH-HOU>
Date:         Thu, 22 Feb 2001 08:03:56 -0600
Reply-To: Shane Youhouse <Shane.Youhouse@GOODMANMFG.COM>
From: Shane Youhouse <Shane.Youhouse@GOODMANMFG.COM>
X-To:         Emre Yildirim <emre@SRENGINEERING.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

>On Tuesday 20 February 2001 18:29 US Central Time, Kras Hish wrote:
>> Telocity provides DSL to their customers through what they call the
>> Telocity "Gateway Modem".
>> In the modems, you can connect to them through your web browser to view
>> usage statistics, your assigned IP, the DHCP server IP (Modem's IP),
>> Management's IP (Modem's IP, different than the previous), DNS IP, and
>> the hardware software version information.
>>
>> In the older model modem, it is possible to remotely view the "Details"
>> section of the modem, thus revealing all the above mentioned information
>> to a possible intruder.  Telocity has numbered their gateways in sequential
>> order, so it would be possible to write a script that would search for
>> http://123.123.123.1/stats in a range of addresses.  Of course there is the
>> ever interesting URL http://123.123.123.1/admin which prompts you for a
>> username/password combo to access what? (any information on this would be
>> great)

>How is this a "security flaw"?


Anything that gives out information about the network is a security flaw,
unless you explicitly allow it.


>It displays your connection's status as well
>as hardware information of your DSL modem.


And you don't see a problem with that?

Find an exploit (SNMP, buffer overflow, etc.) that will exploit that model
router.

Gee, now isn't it nice that a simple shell script will show you everything
about that particular router on a complete subnet?  Seems that would allow a
hax0r to find out, exploit, and possibly find passwords for other datacomm /
root / administrator accounts.  (We all know how many people REALLY follow the
password rules, never reuse, never duplicate, etc.)


>This is really useful, especially
>if you run a server off your Telocity DSL line.  It lets you check on your
>connection remotely, so you can check status of your DSL from anywhere.



If you run a server off the DSL line, what is wrong with typing
www.thisismyaddress.com to check the status?  Nothing comes up, it's down.
If you get a page, it's up.  With no security risk.


>I think this is a feature, rather than a bug.


You define features a la Microsoft.


Toll_Free
