http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/
In article <c8854324eae8e8977009ee17a2d1c7c1@anemone.mooo.com>
Jeremy Bentham <nobody@anemone.mooo.com> wrote:
http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/
That zdnet article is erroneous and inaccurate.
Resetting those cable modems does nothing but cause them to
reboot and reload a config file.
BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
inaccessible from the Internet in ALL cases.
They would also have to connect to each modem in order to
accomplish said feat. It would take a very long time to scan
the entire address space and find any modems in it.
Article grade, D--.
In article <c8854324eae8e8977009ee17a2d1c7c1@anemone.mooo.com>
Jeremy Bentham <nobody@anemone.mooo.com> wrote:
http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/
That zdnet article is erroneous and inaccurate.
Resetting those cable modems does nothing but cause them to
reboot and reload a config file.
BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
inaccessible from the Internet in ALL cases.
They would also have to connect to each modem in order to
accomplish said feat.
It would take a very long time to scan
the entire address space and find any modems in it.
On Mon, 11 Apr 2016 12:10:23 +0200 (CEST), Anonymous Remailer (austria) wrote:
In article <c8854324eae8e8977009ee17a2d1c7c1@anemone.mooo.com>
Jeremy Bentham <nobody@anemone.mooo.com> wrote:
http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/
That zdnet article is erroneous and inaccurate.
Resetting those cable modems does nothing but cause them to
reboot and reload a config file.
But if that config file contents were reset to factory defaults it
might not connect to the ISP provider.
BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
inaccessible from the Internet in ALL cases.
But you do not understand the exploit. As far as the modem is
concerned it saw the reset from the user on the LAN.
They would also have to connect to each modem in order to
accomplish said feat.
They don't have to. The user gets it when looking at an infected web page.
As the article indicated it is a LAN side exploit.
It would take a very long time to scan
the entire address space and find any modems in it.
Just how many users do you think get into their modem and change the
LAN gateway address.
The address and web page is hard coded for that modem. See http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 60:43:38 |
Calls: | 6,654 |
Calls today: | 6 |
Files: | 12,200 |
Messages: | 5,331,524 |