Bugtraq mailing list archives

Re: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability


From: John "Jørgensen" <john () safe2day dk>
Date: 14 Feb 2003 08:27:42 -0000

In-Reply-To: <5.1.1.5.0.20030213100935.02108210 () mail varberg se>

Not according to my contacts at Ericsson. The vulnerability is limited to 
one batch of 6000 modems delivered to the Italian market, which is bad 
enough! The entire 220 series was discontinued in 2001.

It may be that the 220 series was discontinued in 2001, but according to a 
former press release Ericsson did in fact deliver more than 200.000 modems 
(HM220dp and HM120dp) to Telecom Italia: 
http://www.ericsson.com/about/publications/contact/arc/cont11_01/brief.shtml

Additionally the HM220 (in bridged mode, though) has been distributed by a 
telco in Denmark until recently (3 months ago).

However, and as previously mentioned by Davide Del Vecchio, when operated 
in "Bridged mode", which is the primary option for the traditional telecom 
operators, who have bought the lion's share of all units shipped, users are 
not affected.

Further, the security issue cannot be caused from the WAN side of 
the modem and requires manipulation of user devices on the LAN side in 
order to occur, as mentioned by Davide Del Vecchio.

As such the impact on end users is narrowed down to a temporary disturbance 
of their DSL service, and it can easily be solved by doing a factory reset 
of the modem, according to the process described in the manual.

Solution:
Ericsson was contacted months ago but is still not providing an 
updated firmware version that could prevent the problem, ignoring it.

As the vulnerability only affects operation in "Routed Mode", I can inform 
you that Ericsson will shortly develop a new firmware release for the 
end users operating the device in Routed mode, and it goes without saying 
that this new firmware version will eliminate the problem permanently for 
any mode of operation.

Regards
John Joergensen
Safe2day.dk
