Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability

Discussion:
Ericsson HM220dp is a small office environment ADSL modem, distributed by many carriers such as Telecom Italia to thousands of users. It may be administered remotely through a number of mechanisms, including a web based interface. Unfortunately, the web interface does not require authentication and does not offer any option to require it. Unauthorized users accessing the web pages may perform a variety of malicious actions. Ericsson has, however, forced the modem into "Bridged" mode with a modified firmware, so the web administration page cannot be reached from the Internet, but "just" from any user on the LAN. It is possible that other products of the same series share this vulnerability.

Solution:
Ericsson was contacted months ago but has still not provided an updated firmware version that would prevent the problem, effectively ignoring it.

Credits:
Davide Del Vecchio would like to thank in primis his love Mara, and his coworkers of the security and monitoring staff @ Banca Mediolanum.

Disclaimer:
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Please send suggestions, updates, and comments to:
Davide Del Vecchio - danteat_private / securityat_private
www.alighieri.org
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 06:14:07 PST