[28876] in bugtraq
Re: Ericsson HM220dp ADSL modem Insecure Web Administration
daemon@ATHENA.MIT.EDU (Fredrik =?iso-8859-1?Q?Bj=F6rk?=)
Thu Feb 13 16:35:59 2003
X-Envelope-From: Fredrik.Bjork.List@varbergenergi.se
X-Envelope-To: <bugtraq@securityfocus.com>
Message-Id: <5.1.1.5.0.20030213100935.02108210@mail.varberg.se>
Date: Thu, 13 Feb 2003 10:17:28 +0100
To: bugtraq@securityfocus.com
From: Fredrik =?iso-8859-1?Q?Bj=F6rk?= <Fredrik.Bjork.List@varbergenergi.se>
In-Reply-To: <20030211073710.11012.qmail@mx8.aruba.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 08:37 2003-02-11 +0100, you wrote:
>Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
>Discussion:
>Ericsson HM220dp is a small office enviroment ADSL modem, distributed
>by many Carriers such as Telecom Italia to thousand users.
>It may be administered remotely through a number of mechanisms,
>including a web based interface.
>Unfortunately, the web interface does not require authentication
>and does not give the possibility to require it.
>Unauthorized users accessing the web pages may perform a variety of
>malicious actions.
>By the way Ericsson forced the modem in "Bridged" mode with a modified
>firmware, so the web administration page could not be accessed from
>Internet but "just" from any user of the lan.
>It is possible that other products of the same series share this
>vulnerabilty.
Not according to my contacts at Ericsson. The vulnerability is limited to
one batch of 6000 modems delivered to the Italian market, which is bad
enough! The entire 220 series was discontinued in 2001.
>Solution:
>Ericsson has been contacted months ago but it's not still providing an
>updated firmware version that could prevent the problem ignoring it.
If Ericsson is completely ignoring this issue, it is not good! However, it
seems that they have provided an upgrade to limit unauthenticated access to
the LAN side of the modem, which could be considered an acceptable solution.
/Fredrik
