Bugtraq mailing list archives
Re: Security flaw in Telocity's "Gateway Modem"
From: bugtrax () HOTMAIL COM
Date: Fri, 23 Feb 2001 07:43:30 -0000
Of course is the ever interesting URL http://123.123.123.1/admin which
prompts you for a
username/password combo to access what? (any
information on this would be
great)
The admin password is apparently downloaded during configuration through your browser (not SSL ;-). Your IP address seems to be based on your phone number, as you need to enter your phone number to activate the gateway. It looks to be IP address or phone number based, as this was verified with two different gateways and both gateways became programmed with the same admin password. I will post a followup to this if I can narrow it down. You will then have several options (pull down menu): Download configuration Reboot Erase Downloaded Configuration Set Ethernet as Routeable Interface Set Parallel as Routeable Interface Set USB as Routeable Interface Erase Delta Image Invert Cloaked State of FW/NAT Haven't tried the last two (!). The parallel option is available on gateways without the parallel interface (on the case, anyway). My guess is that the access to the gateway is IP based so that Telocity can do some remote troubleshooting as well.
Current thread:
- Security flaw in Telocity's "Gateway Modem" Kras Hish (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Don Hammond (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Emre Yildirim (Feb 21)
- Re: Security flaw in Telocity's "Gateway Modem" Kras Hish (Feb 22)
- <Possible follow-ups>
- Re: Security flaw in Telocity's "Gateway Modem" Shane Youhouse (Feb 22)
- Re: Security flaw in Telocity's "Gateway Modem" bugtrax (Feb 23)