EXPLOIT for Conexant Chipset ADSL Router

magneto

THE EXPLOIT:

If you are using a Conexant Chipset Router (Telkom POTS,
Microcom, etc.) the following exploits exist (EVEN if you have changed
the Admin Username and Password).

If you Telnet to the IP Address of the router on Port 254 you now have
access to an interface to create a new user on the router and/or default
the router (users may then re-enter their settings without setting up
necessary security).

If you log into the Web Interface of the Router with the Web Interface
there is a Back Door Username: 'user' with password 'password'. (This
seems to exist on most routers that use Conexant chipsets.)

If you are logged in as user you can view the source of the WAN Set-up
and you now have the DSL username and password.


THE FIX:

Map port 254 to an arbitrary unused address.

Change the user password of 'user' to some high level password.

ROFL have fun ppl... ;)
 
Thanks - not sure what chipset I have (SMC) but it says "No address associated with nodename" when I try.
 
Isn't there a way to disable the port completely? Or can you set the firewall inbound/outbound policy to block it? You know someone with a port scanner can just scan your IP and then try telnetting to each open port, so moving the port won't fix much.
 
Bondizzo said:
Isn't there a way to disable the port completely? Or can you set the firewall inbound/outbound policy to block it? You know someone with a port scanner can just scan your IP and then try telnetting to each open port, so moving the port won't fix much.


If you read at the bottom of my post there is a fix...

Yes, you would use your firewall inbound/outbound policy.
 
Tried on my Billion 7402R2 (w/ Conexant Argon 432) and no success, so I'm assuming this exploit doesn't apply to all Conexant chipsets?
 
magneto said:
THE FIX:

Map port 254 to an arbitrary unused address.

Change the user password of 'user' to some high level password.

ROFL have fun ppl... ;)

as well as port 255
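
An added example, not part of any post in this thread: a Python check, run against your own router, of whether the two ports named above (254 and 255) still accept TCP connections after the fix is applied. The function names and the script name are assumptions made for the example; a hostname-lookup failure is reported separately, because that result says nothing about the port.

```python
import socket
import sys

# Ports named in the thread: 254 (original post) and 255 (final reply).
MGMT_PORTS = (254, 255)


def port_state(host, port, timeout=2.0):
    """Classify one TCP port as open, closed, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # something accepted the connection
    except socket.gaierror:
        return "unresolved"      # hostname lookup failed; the port was never tested
    except ConnectionRefusedError:
        return "closed"          # host answered with a reset: no listener
    except OSError:
        return "filtered"        # timeout or unreachable, e.g. dropped by a firewall


def audit(host, ports=MGMT_PORTS, timeout=2.0):
    """Return {port: state} for every port checked on host."""
    return {port: port_state(host, port, timeout) for port in ports}


def fix_verified(results):
    """True only if every port was actually tested and none accepted a connection."""
    return all(state in ("closed", "filtered") for state in results.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <router-address>")
    results = audit(sys.argv[1])
    for port, state in results.items():
        print(f"{port}/tcp {state}")
    # Non-zero exit if any port is open or could not be tested.
    sys.exit(0 if fix_verified(results) else 1)
```

Run it once from the LAN side and once from an outside connection: a port that is filtered from outside but open from inside is still reachable by anything on the local network.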
 