BSNL Modems Exploit


PraKash

Aug 28, 2009, 10:55:46 AM
to null-...@googlegroups.com, owasp-b...@lists.owasp.org
Just got hold of it, thought of sharing it with you all.

As per my knowledge, BSNL India gives 80% of users ZTE modems, specifically the ZXDSL 831 II.

Here are a few exploits out in the wild. Watch out.

Change Admin Password & get full access to the modem

http://192.168.1.1/adminpasswd.cgi

The URL below gives access to the configuration of the modem, and you can get the PPPoE user and password with any asterisk password revealer

http://192.168.1.1/vpivci.cgi

Is anyone at BSNL aware, or has anyone informed them? If they don't push a firmware update (hope they do), there are lakhs of Indian users at risk.

If you are a BSNL user with this modem, watch out.

- Prakash
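
Added example, not part of the original post or of any vendor tooling: a self-check for a modem you own that requests the two paths quoted above without credentials and reports whether each is served, and whether the returned HTML already contains a stored password (the condition an asterisk password revealer depends on). The function names, the `pppPassword` field name and the sample page are constructed, and the assumption is that the modem pre-fills a password `<input>`; only field names are reported, never values.

```python
import urllib.error
import urllib.request
from html.parser import HTMLParser

# Paths quoted in the post; 192.168.1.1 is the modem's LAN address.
PATHS = ["/adminpasswd.cgi", "/vpivci.cgi"]
# Constructed sample page (not captured from a real modem).
SAMPLE_PAGE = '<input type="PASSWORD" name="pppPassword" value="s3cret">'

class _PasswordFields(HTMLParser):
    """Records names of password inputs whose value is already in the HTML."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            if a.get("value"):
                self.names.append(a.get("name") or "(unnamed)")

def prefilled_password_fields(html):
    parser = _PasswordFields()
    parser.feed(html)
    return parser.names  # field names only, never the values

def classify(status, body=""):
    """Finding for one response to a request sent without credentials."""
    if status in (401, 403):
        return "login required"
    if status != 200:
        return "not served (HTTP %d)" % status
    leaked = prefilled_password_fields(body)
    if leaked:
        return "open; password in page source: " + ", ".join(leaked)
    return "open without login"

def audit(base="http://192.168.1.1", timeout=5):
    findings = {}
    for path in PATHS:
        try:
            with urllib.request.urlopen(base + path, timeout=timeout) as resp:
                findings[path] = classify(resp.status, resp.read().decode("latin-1"))
        except urllib.error.HTTPError as err:
            findings[path] = classify(err.code)
        except OSError as err:
            findings[path] = "unreachable: %s" % err
    return findings
```

`urlopen` follows redirects, so a device that redirects to a login form shows up as "open without login" and needs a manual look. An "unreachable" result means nothing is listening at that address.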


wene@t .

Aug 28, 2009, 1:19:08 PM
to null-...@googlegroups.com
Hi Prakash,

Sorry to say, but the links didn't work; got a page load error, don't know why. I'll check it out again.

Thanks,
Vineet.




Harsh Patel

Aug 28, 2009, 2:06:20 PM
to null-...@googlegroups.com
Hi there,

I know that in Mumbai there was an update recall on BSNL+MTNL modems and services during May 2009. Based on this, there is a huge probability that the flaw might have been sealed off either from their point or via a client update.

 

2009/8/28 wene@t . <vinee...@gmail.com>
--
Thanking you  


Harsh Patel
ISS SCIT
(har....@gmail.com)

Niranjan Patil

Aug 29, 2009, 12:52:25 AM
to owasp-b...@lists.owasp.org, null-...@googlegroups.com
Dear Prakash,

This is a good discovery. I recommend that you report this to the CPE vendor, ZTE, and the service provider, BSNL. Of course, they don't have a vulnerability reporting channel, but at least we can report it through tech support or to senior officials in BSNL. You can also report it to CERT India, which is now being strengthened with more power and responsibility. You need to provide sufficient proof of exploitation for them to act.

To overcome such vulnerabilities or other weak implementations (in earlier Huawei and other modems), you can configure your computer to dial in directly using PPPoE (if you have a single computer) or use another router like Linksys, Netgear or D-Link (which seem to have better and more secure implementations) and configure PPPoE dial-in through the modem. This effectively turns the BSNL router/modem into a dumb device, working just as a modem. This method does not fix the actual vulnerabilities but reduces the attack surface.

Unfortunately, I don't have a ZTE modem to test this vulnerability.

Below are some contacts you can use:



Regards,
Niranjan Patil, CISSP, CCNA
Information Security Consultant
http://outscribe.org
http://www.linkedin.com/in/niranjanpatil



On Fri, Aug 28, 2009 at 8:25 PM, PraKash <praka...@gmail.com> wrote:
_______________________________________________
OWASP-Bangalore mailing list
OWASP-B...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-bangalore

