Comments on: Time Warner cable modem/router major security hole

By: skeptikal

skeptikal — Thu, 05 Nov 2009 00:37:08 +0000

This might actually be a big deal.. except you still have to log in to the GUI before you use the exploit.
As for why TW is even turning on the public-facing login, I have no idea.

By: Mark

Mark — Tue, 27 Oct 2009 14:30:01 +0000

Does this mean disabling Javascript in Firefox OR Internet Explorer while connecting to the device?

By: Gaping security hole in Time Warner cable routers | War On You: Breaking Alternative News

Tue, 27 Oct 2009 03:38:49 +0000

[...] Chen explains: After poking around using the customer account, I found that access to the admin features of the router has been disabled via Javascript. You heard me correct, the web admin for the router simply uses a script to hide certain menu options when the user does not have admin privileges. By simply disabling Javascript in the browser, I was able to access all the features of the router. With that access, I am now able to change the wifi settings, port-forwarding, etc. [...]

By: Some Time Warner Cable modems have major security flaw - The Gadgetress - OCRegister.com

Mon, 26 Oct 2009 23:25:02 +0000

[...] The SMC8014WG-SI, used by an untold number of Time Warner Cable customers, has a serious security hole that “allows anyone to access your private network and possibly capture and manipulate your private data,” according to David Chen, who blogs about the breach at Chenosaurus.com. [...]

By: my california adventures - startups, software, skateboarding

my california adventures - startups, software, skateboarding — Mon, 26 Oct 2009 05:43:28 +0000

[...] received incredible response from the Time Warner modem/router security issue I wrote about last week. It was immediately picked up by Wired, Cnet, PC World, Consumerist, and [...]

By: Tasunke’s Random Ramblings / Major Time-Warner Modem/Router security flaw

Tasunke’s Random Ramblings / Major Time-Warner Modem/Router security flaw — Sat, 24 Oct 2009 08:28:43 +0000

[...] above. Words fail me at this point, so let me just quote the guy who found this, Dave, from his blog. After poking around using the customer account, I found that access to the admin features of the [...]

By: Paul

Paul — Fri, 23 Oct 2009 16:59:20 +0000

Sounds even worse than this problem! http://www.jibble.org/o2-broadband-fail/

By: Gaping security hole in Time Warner cable routers « The Daily Blahg

Gaping security hole in Time Warner cable routers « The Daily Blahg — Fri, 23 Oct 2009 15:15:36 +0000

[...] disabling JavaScript in the browser to access hidden features in the router’s admin interface. Chen explains: After poking around using the customer account, I found that access to the admin features of the [...]

By: noted » Blog Archive » Only half the threat - and most of the answer.

noted » Blog Archive » Only half the threat - and most of the answer. — Fri, 23 Oct 2009 02:36:55 +0000

[...] be slashdotted. (Edit: no longer. I also indulged myself with a comment on the slashdot story and the blog post, both came late in the game. No, I’m not selling anything nor do I get ad revenue.) In any [...]

By: Adam Lipstadt

Adam Lipstadt — Fri, 23 Oct 2009 02:31:45 +0000

The way these things are deployed, you don’t need to even bother cracking WEP.

http://www.lipstadt.com/noted/archives/120