Bugtraq mailing list archives

Re: Security flaw in Telocity's "Gateway Modem"


From: Emre Yildirim <emre () SRENGINEERING COM>
Date: Wed, 21 Feb 2001 16:09:58 -0600

On Tuesday 20 February 2001 18:29 US Central Time, Kras Hish wrote:
Telocity provides DSL to their customers through what they call the
Telocity "Gateway Modem".
In the modems, you can connect to them through your web browser to view
usage statistics, your assigned IP, the DHCP server IP (Modem's IP),
Management's IP (Modem's IP, different than the previous), DNS IP, and the
hardware software version information.

In the older model modem, it is possible to remotely view the "Details"
section of the modem, thus revealing all the above mentioned information to
a possible intruder.  Telocity has numbered their gateways in sequential
order, so it would be possible to write a script that would search for
http://123.123.123.1/stats in a range of addresses.  Of course there is the ever
interesting URL http://123.123.123.1/admin which prompts you for a
username/password combo to access what? (any information on this would be
great)

How is this a "security flaw"?  It displays your connection's status as well
as hardware information of your DSL modem.  This is really useful, especially
if you run a server off your Telocity DSL line.  It lets you check on your
connection remotely, so you can check status of your DSL from anywhere.  I
think this is a feature, rather than a bug.

