BugTraq
Asus AAM6000EV ADSL Router Wide Open Jul 14 2003 06:45PM
cw (security fidei co uk) (2 replies)
Re: Asus AAM6000EV ADSL Router Wide Open Jul 15 2003 02:16PM
Michael Renzmann (security dylanic de)
Re: Asus AAM6000EV ADSL Router Wide Open Jul 15 2003 01:01PM
Ben Wheeler (jammin life eu org) (2 replies)
Re: Asus AAM6000EV ADSL Router Wide Open Jul 15 2003 10:44PM
cw (security fidei co uk)
Re: Asus AAM6000EV ADSL Router Wide Open Jul 15 2003 01:50PM
cw (security fidei co uk) (1 replies)
On Tue, 15 Jul 2003 14:01:34 +0100, Ben Wheeler wrote:
> It's far worse than that, if the state in which my router was
> supplied is typical. As I received it, the webserver was enabled by
> default, *and* was accessible from the internet as well as the
> local network.

I too got my router from Solwise however I do not find this to be the case. I have no ip filters set up yet both the telnet and web servers are only accessible from the local network. This was true with both 71205a10 and 71205a32 firmware.

> Fortunately this
> has been fixed in the last flash update (71205a32) but this same
> update also removes the requirement to specify a username. You now
> only need any one of the valid passwords to login.

I did notice that too

*waits for another round of out of office/dead mailbox auto-responders*

[ reply ]
Re: Asus AAM6000EV ADSL Router Wide Open Jul 16 2003 06:17AM
Michael Renzmann (security dylanic de)


 

Privacy Statement
Copyright 2010, SecurityFocus