Bugtraq mailing list archives

Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability


From: "Davide Del Vecchio" <dante () alighieri org>
Date: Tue, 11 Feb 2003 08:37:10 +0100

Discussion:
The Ericsson HM220dp is a small-office ADSL modem distributed by many
carriers, such as Telecom Italia, to thousands of users.
It can be administered remotely through a number of mechanisms,
including a web-based interface.
Unfortunately, the web interface does not require authentication,
and it offers no option to enable it.
Unauthorized users who reach the web pages may perform a variety of malicious
actions. Note that Ericsson has forced the modem into "Bridged" mode with a
modified firmware, so the web administration page cannot be reached from the
Internet, "just" from any host on the LAN. Other products in the same series
may share this vulnerability.
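The condition described above, a management page served to anyone who can reach it over HTTP, can be checked from a LAN host with a single anonymous request. The script below is an added example and is not part of the original advisory or of Ericsson's firmware; it assumes the admin page sits at `/` (the real path on the HM220dp is not given here), and the two local HTTP servers it spins up are constructed stand-ins for an open device and for one that enforces HTTP Basic authentication.

```python
"""Check whether an HTTP management interface serves its pages without
authentication, the condition the advisory describes for the HM220dp."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def classify(status, headers):
    """Verdict for a GET sent with no credentials. `headers` may be a dict
    or an http.client.HTTPMessage; names are compared case-insensitively."""
    names = {name.lower() for name in headers}
    if status in (401, 407) or "www-authenticate" in names:
        return "auth-required"
    if status in (301, 302, 303, 307, 308):
        return "redirect"          # often a login form; follow and re-check
    if status == 200:
        return "open"              # management page served to anyone
    return "other"


def probe(host, port=80, path="/", timeout=5):
    """Issue one anonymous GET and classify the answer. `path` defaults to
    the root page because the modem's real admin URL is not known here."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "admin-auth-check"})
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.headers)
    finally:
        conn.close()


# --- constructed stand-ins for two device behaviours (not real firmware) ---
class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):   # keep the demo output clean
        pass

    def _reply(self, status, body=b"", extra=()):
        self.send_response(status)
        for name, value in extra:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class OpenAdmin(_Quiet):
    """Serves the configuration page to any client, as the advisory describes."""
    def do_GET(self):
        self._reply(200, b"<html><title>ADSL Modem Configuration</title></html>")


class BasicAuthAdmin(_Quiet):
    """Demands HTTP Basic credentials first (the behaviour a fix would add).
    Any Authorization header is accepted here; a real device would verify it."""
    def do_GET(self):
        if self.headers.get("Authorization"):
            self._reply(200, b"<html><title>ADSL Modem Configuration</title></html>")
        else:
            self._reply(401, extra=[("WWW-Authenticate", 'Basic realm="modem"')])


def _serve(handler):
    """Start a stand-in on a free loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def demo():
    """Probe both stand-ins on loopback and return their verdicts."""
    verdicts = {}
    for label, handler in (("open", OpenAdmin), ("basic-auth", BasicAuthAdmin)):
        srv, port = _serve(handler)
        try:
            verdicts[label] = probe("127.0.0.1", port)
        finally:
            srv.shutdown()
            srv.server_close()
    return verdicts


if __name__ == "__main__":
    # Against a real modem on the LAN: probe("<modem LAN address>", path="/")
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

An "open" verdict means the page was handed out with no credentials at all; a "redirect" is inconclusive until the target is fetched and checked the same way, since some devices send unauthenticated clients to a login form rather than answering 401.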

Solution: Ericsson was contacted months ago but has not yet provided an updated firmware version that would prevent the problem, and has ignored the report. Until a fix ships, treat every host on the LAN as able to reconfigure the modem, and limit which hosts can reach its web interface.

Credits:
Davide Del Vecchio would like to thank first and foremost his love Mara,
and his coworkers on the security and monitoring staff at Banca Mediolanum.

Disclaimer:
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event shall
the author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
Please send suggestions, updates, and comments to:
Davide Del Vecchio - dante () alighieri org / security () phx it
www.alighieri.org

