HWZ Forums


Remember to update your Modem firmware!

03-12-2014, 03:53 PM   #1
dezzo69 (Supremacy Member)
Remember to update your Modem firmware!

Just to share with the community:

Out of the blue I was getting Russian pop-ups and ads while surfing normally.

This is the 2nd time this has happened. The last time was around September and I asked about it here:

finrussia.ru pop-up

I dug around for info and to my horror Avast prompted me that my modem settings are extremely vulnerable to being hacked and advised me to update my firmware. I found that odd because I remembered updating the firmware before but apparently there is a very recent update.

Things seem to be okay now and will be monitoring if it stays this way.

Cheers
dezzo69 is offline   Reply With Quote
03-12-2014, 03:55 PM   #2
dezzo69 (Supremacy Member)
TP-Link TD-W8901G, a very old modem.

Firmware version is now V3_140512
dezzo69 is offline   Reply With Quote
03-12-2014, 04:54 PM   #3
hlots123 (Master Member)
background info abt rom-0 vulnerability...

https://blog.avast.com/2014/11/13/ne...it-completely/
PIOTRBANIA.COM :: Hacking and patching TP-LINK TD-W8901G router
How I saved your a** from the ZynOS (rom-0) attack !! ( Full disclosure ) | Root@Nasro
Attackers alter DNS configurations remotely, compromise 300K routers - SC Magazine

The attack is made possible due to default SOHO settings that are vulnerable to password guessing, as well as brute force log-on attempts because the graphical user interface was accessible from the internet, according to the report, which adds that compromise via Cross-Site Request Forgery may also be possible.

“A considerable number of the remotely accessible devices also appeared vulnerable to the “ROM-0” vulnerability published in early January,” according to the report. “This vulnerability in ZyXEL's ZynOS allows attackers to download the router's configuration file from the unauthenticated GUI URL http://[IP address]/rom-0.”
Me: Is the page password protected ?
Me: No !!! I tried to access that page on a different IP and it didn’t require a password !
Ok, enough questions haha ..

Now, when I activated TamperData and clicked “ROMFILE SAVE” I’ve found out that the rom-0 file is located on “IP/rom-0” and the directory isn’t password protected or anything.
...
When you upload and submit the rom-0 file there, the php page replies back with the configuration in clear text ( INCLUDING THE PASSWORD ) .
...
Now ! how do you prevent attackers from downloading your rom-0 configuration file and manipulating your router ? This is pretty simple if you think about it ..
You just have to forward port 80 on the router to an unused IP address on your network
dezzo69 likes this.
hlots123 is offline   Reply With Quote
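
A check to run against your own modem's address before and after the firmware update or the port-80 change described in the post above (an added example, not part of the original posts or the linked write-ups). The verdict rules are assumptions: an exposed device is taken to answer `/rom-0` with HTTP 200 and a non-empty body, and `FakeRouter` is a constructed stand-in so the code runs offline.

```python
import http.client
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# No proxy: the request must go straight to the device being checked.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_rom0(host, port=80, timeout=5):
    """Return a verdict on whether http://host:port/rom-0 is served without login."""
    url = f"http://{host}:{port}/rom-0"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            if resp.geturl() != url:
                return "redirected"        # e.g. bounced to a login page
            return "exposed" if resp.read(1) else "not-served"
    except urllib.error.HTTPError as err:  # must precede OSError (it is a subclass)
        return "auth-required" if err.code in (401, 403) else "not-served"
    except (OSError, http.client.HTTPException):
        return "unreachable"               # refused, timed out, or nothing answering

class FakeRouter(BaseHTTPRequestHandler):
    """Constructed stand-in for a router web UI, so the check runs offline."""
    mode = "exposed"                       # "exposed", "auth" or "patched"

    def do_GET(self):
        if self.mode == "auth":
            self.send_response(401)
            self.end_headers()
        elif self.mode == "exposed" and self.path == "/rom-0":
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"\x00constructed-config-blob")
        else:
            self.send_error(404)

    def log_message(self, *args):          # keep the demo quiet
        pass

def demo(mode):
    """Run check_rom0 against a FakeRouter in the given mode on a loopback port."""
    handler = type("Router", (FakeRouter,), {"mode": mode})
    with HTTPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return check_rom0("127.0.0.1", server.server_port)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print({m: demo(m) for m in ("exposed", "auth", "patched")})
```

Against a real device, call `check_rom0` with the modem's LAN address, and repeat the call from a connection outside your network with your public address to see what the internet side can reach.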
03-12-2014, 08:56 PM   #4
mrclubbie (Greater Supremacy Member)
Hmm...I better update mine too.
__________________
The colour blue heals one's heart
mrclubbie is online now   Reply With Quote
23-12-2014, 01:49 PM   #5
hlots123 (Master Member)
Misfortune Cookie by Check Point
http://mis.fortunecook.ie/misfortune...whitepaper.pdf
http://mis.fortunecook.ie/misfortune...vulnerable.pdf

fyi another vulnerability CVE-2014-9222 (Misfortune Cookie, affected software is the embedded web server RomPager from AllegroSoft)
ive not really read (dun think i'll really understand), but ur router in the suspected vulnerable list...
hlots123 is offline   Reply With Quote