Warning about the new F2000 modem supplied by Eircom with E-Fibre

CountyHurler · 08-04-2015 12:52pm #1

Hi,

I arrived out to install e-fibre on a site yesterday and found one of these new F2000 devices connected to the E-Fibre line.

I tried to configure it the same way as we have been configuring D1000s and F1000s for the last three years but it seems there is a bug with it. You are currently unable to change the LAN Interface subnet mask on the device... Tried it every which way when I was on the site, but ended up having to put in a spare F1000 after spending an hour talking to Eircom "support", who told me that it was a customer site configuration problem ... (in spite of the fact that it was Eircom who had told me to use the current setup we are using). He also said that he was unaware of any firmware update that addresses the issue. Eircom support are an absolute waste of time anyway tbh...

I googled around the issue and it seems that a company in NZ are aware of the problem with the device, which is actually a Huawei HG659b
https://www.spark.co.nz/help/internet-data/equipment/huawei/hg659-gateway/changing-the-lan-host-ip-address-huawei-hg659-hg659b/

Important: Currently you are unable to change the Subnet Mask on the Huawei HG659. We are working on resolving this issue.

Has anybody else experienced this problem?

ED E · 08-04-2015 1:57pm

If Spark have the issue too its a Huawei bug, it'll be up to them to fix it.

paconarvaez · 16-04-2015 9:34pm

i recently changed my modem from f1000 to the new f2000 because i heard the wifi was better, and everything works except my sky b/b connecter , it one of those little black connecters with the wps button , but when i press the wps on my modem and activate my sky connecter it dosent see my modem. has anyone else had this prob. thanks for your time,

yuloni · 18-04-2015 9:59pm

This post has been deleted.

mass_debater · 19-04-2015 4:28pm

If you are using something different to a /24 subnet why are you not bridging the modem and providing your own router and firewall

CountyHurler · 23-04-2015 11:50am

mass_debater wrote: »

If you are using something different to a /24 subnet why are you not bridging the modem and providing your own router and firewall

Dont get me started on this... All of the sites used to be set up with the D1000/F1000s in bridge mode, so that the sites only required one IP address.... That was until we discovered that both D1000 and F1000s changed from bridge mode BACK to routing mode if the power was cut for any reason.

mass_debater · 23-04-2015 12:01pm

CountyHurler wrote: »

Dont get me started on this... All of the sites used to be set up with the D1000/F1000s in bridge mode, so that the sites only required one IP address.... That was until we discovered that both D1000 and F1000s changed from bridge mode BACK to routing mode if the power was cut for any reason.

That's a new one, I've never encountered this and I've setup plenty of them. Are you sure nobody's pressing the reset?

CountyHurler · 25-04-2015 6:38pm

mass_debater wrote: »

That's a new one, I've never encountered this and I've setup plenty of them. Are you sure nobody's pressing the reset?

Nah, I've tried it myself... Take a D1000, and configure it for bridge mode... Then pull the power on it, and it returns to Routing mode... Had the same issues with the F1000. We've had to order 4 IPs for every site and configure a routed connection.

We tried replacing the D1000/F1000 with a Cisco or Zyxel device which is stable in bridge mode... But we found that if there are any issues with the line.... Eircom will not provide support unless one of their devices (i.e. the D1000 or F1000) is connecting to the line...

ainiseoir · 10-06-2015 1:48pm

" Eircom support are an absolute waste of time anyway tbh... "

You can sing that. I contacted them yesterday and it was a heart scald listening to somebody from the subcontinent scrambling through the manual.
I have the bloody manual myself.
Have they outsourced the technical support ?

Bazideluxe · 01-07-2015 9:59pm

Guys can anyone check if you have this wifi bug I found please?

Got new F2000 today and whenever I try to hide SSID, the wifi goes OFF:

ninkovicz · 18-08-2015 5:58pm

You are messing with wrong settings mate.... Go to Home Network....Wireless settings ....Advance settings and you will be able to HIDE SSID...

ihastakephoto · 10-09-2015 10:58pm

there is a password which eircom support are using which gives them admin rights to your modem. Thats all fine if this is protected and known only to eircom staff, however, after 3 minutes of webchat, the support tech gave me the password. I asked if it was common use and he said, it was "like some kind if backdoor for all eircom routers"
Imma upgrade my firmware and debrand asap.... after I remove the support account from mine, I will approach eircom about a disclosure through appropriate channels

jca · 10-09-2015 11:45pm

ihastakephoto wrote: »

there is a password which eircom support are using which gives them admin rights to your modem. Thats all fine if this is protected and known only to eircom staff, however, after 3 minutes of webchat, the support tech gave me the password. I asked if it was common use and he said, it was "like some kind if backdoor for all eircom routers"
Imma upgrade my firmware and debrand asap.... after I remove the support account from mine, I will approach eircom about a disclosure through appropriate channels

Get a life ffs...

roast · 10-09-2015 11:52pm

ihastakephoto wrote: »

there is a password which eircom support are using which gives them admin rights to your modem. Thats all fine if this is protected and known only to eircom staff, however, after 3 minutes of webchat, the support tech gave me the password. I asked if it was common use and he said, it was "like some kind if backdoor for all eircom routers"
Imma upgrade my firmware and debrand asap.... after I remove the support account from mine, I will approach eircom about a disclosure through appropriate channels

I wouldn't consider this a particularly devious or malicious security issue, it's by design. It's fairly common for ISP-provided equipment to have remote management access for the likes of firmware updates, remote troubleshooting and diagnosis. See TR-069 here.

If you can answer all the troubleshooting questions should a fault arise and thus not require remote assistance, then I'm sure Eircom, Vodafone and the like don't really care if you disable it anyway. :pac:
There are some security issues with TR069 but that goes with for any protocol really.

ihastakephoto · 11-09-2015 12:04am

@jca says the guy reading the forum at midnight himself and feeling the need to comment about someone else's life..

@roast the issue is in the fact that they gave out the password... with very little effort I can now collect ip addresses of anyone who visits my site, determine if theyre using the same modem, if so, remotely access and change their passwords, reboot their modem, install my own firmware....the list goes on.

roast · 11-09-2015 12:11am

ihastakephoto wrote: »

@roast the issue is in the fact that they gave out the password... with very little effort I can now collect ip addresses of anyone who visits my site, determine if theyre using the same modem, if so, remotely access and change their passwords, reboot their modem, install my own firmware....the list goes on.

Hold on, you're saying you can remotely login to other users routers and do the above? You can't... by default, TR-069 is configured to only allow access from a certain source (in this case, Eircom). It's not like any randomer can login and start arsing with your settings. You can enable access from other IPs, but only if you're logged into the router already.

jca · 11-09-2015 12:12am

Well at least I'm not worrying about my isp looking at my router configuration....

jca · 11-09-2015 12:16am

ihastakephoto wrote: »

@jca says the guy reading the forum at midnight himself and feeling the need to comment about someone else's life..

@roast the issue is in the fact that they gave out the password... with very little effort I can now collect ip addresses of anyone who visits my site, determine if theyre using the same modem, if so, remotely access and change their passwords, reboot their modem, install my own firmware....the list goes on.

Give us a link to your "site" I'll take a gawk at how to make a tinfoil hat and you can hack my router.....

ihastakephoto · 11-09-2015 12:28am

roast wrote: »

Hold on, you're saying you can remotely login to other users routers and do the above? You can't... by default, TR-069 is configured to only allow access from a certain soruce (in this case, Eircom). It's not like any randomer can login and start arsing with your settings. You can enable access from other IPs, but only if you're logged into the router already.

Ive logged into my own, my parents, my in laws, and restarted their connections from my office, my home and my mobile wifi.
hence my concern

ihastakephoto · 11-09-2015 12:30am

you're a gas chap, now run along, I'm sure there are loads of people you can troll before school tomorrow

jca · 11-09-2015 12:43am

ihastakephoto wrote: »

Ive logged into my own, my parents, my in laws, and restarted their connections from my office, my home and my mobile wifi.
hence my concern

That makes you the one doing wrong here. You don't find any Eircom employees logging into their parents, in laws or other people's routers. I bet you're the guy who rings people and tells them they have a virus on their computer...

roast · 11-09-2015 12:46am

Lads, will ye cop on...

Anyway

ihastakephoto wrote: »

Ive logged into my own, my parents, my in laws, and restarted their connections from my office, my home and my mobile wifi.
hence my concern

How? By HTTP? Or what port?

bk · 11-09-2015 10:43am

MOD: jca, please remember, attack the post not the poster.

In fairness, ihastakephoto absolutely has a valid concern if s/he can log into other peoples routers.

Nor would I consider it doing anything wrong to log into your relatives routers with their permission to test the theory that you have found a back door.

ED E · 11-09-2015 11:53am

I HIGHLY doubt you've found a remote exploit for the webui. The F2000 is one of the first ISP modems that uses full HTTPS/SSL on its interface. And as above TR069 pinhole will only accept a signed request from the CPE management system in eircom before it opens up its other ports to requests.

jca · 11-09-2015 1:10pm

bk wrote: »

MOD: jca, please remember, attack the post not the poster.

In fairness, ihastakephoto absolutely has a valid concern if s/he can log into other peoples routers.

Nor would I consider it doing anything wrong to log into your relatives routers with their permission to test the theory that you have found a back door.

My God I'm speechless thank God ED E has come along to put some sanity on this ridiculous thread.

bk · 11-09-2015 3:06pm

jca wrote: »

My God I'm speechless thank God ED E has come along to put some sanity on this ridiculous thread.

Well in fairness jca, Eircom does have a very bad track record of securing their routers, remember how easy it use to be to crack the WEP encryption on the old Netopia Eircom routers:

http://www.tomdoyletalk.com/2007/10/01/eircom-netopia-wireless-router-hack/

So it wouldn't be terribly surprising to discover another security issue.

This may or may not be the case, but either way one of the first rules of boards is attack the post not the poster.

dalta5billion · 11-09-2015 4:21pm

Prompted by ihastakephoto I found the same vulnerability on the F1000, and have confirmed it as exploitable in the wild.

It's a hidden account with slightly reduced privileges but enough to cause havoc (attacker can flash firmware). Users should disable all forms of remote management to mitigate.

Most likely it is the same case with the F2000, as ihastakephoto reported here. I think you should all apologise to him/her.

ED E · 11-09-2015 4:47pm

dalta5billion wrote: »

Most likely it is the same case with the F2000, as ihastakephoto reported here. I think you should all apologise to him/her.

Unlikely, F1000 is Zyxel and the F2000 is Huawei (a far more competent company IMO).

Is the password there a random char string? There are two accounts on the 2000s IIRC, admin and Supervisor, but they both use the system pasword by default, but only persons on site could read that from the label, or if they were given the WLAN PSK.

dalta5billion · 11-09-2015 4:49pm

ED E wrote: »

Unlikely, F1000 is Zyxel and the F2000 is Huawei (a far more competent company IMO).

Is the password there a random char string? There are two accounts on the 2000s IIRC, admin and Supervisor, but they both use the system pasword by default, but only persons on site could read that from the label, or if they were given the WLAN PSK.

Seemingly random, but this is hard coded into every F1000 - i.e. every F1000 will allow login with this user:pass.

Edit: also remember, Zyxel and Huawei cannot be held responsible for poor configs from ISPs

ihastakephoto · 11-09-2015 9:46pm

ok, the account username is support, which suggests to me that eircom added / request huawei add this hidden account.
I have used the same password to access 3 different routers.
I hope to get time tomorrow to update my own firmware and test.

just to clarify, these are routers of mine and family who were aware that I was testing.

ED E · 12-09-2015 9:25am

Oh eircom.....

mass_debater · 12-09-2015 10:34am

What administration options are available to this support login account?

anvilfour · 27-10-2015 12:43pm

My Cisco router with dd-wrt installed arrived today - am going to try and put my Eircom router into bridge mode tonight and use the Cisco one instead. Hopefully this will be enough.

MrGarak · 06-02-2016 3:29pm

Sorry for thread bump - but is this back door still present on both the F1000 and F2000? Was considering calling during the week to upgrade to the F2000, may look at 3rd party options now. Any up to date information on either front would be great.

John Dough · 18-01-2017 6:07pm

I know EIR sent out a new software update ti their modems a couple of months ago so maybe it is sorted or wait for experts to respond.

andrewdeerpark · 30-03-2017 7:23pm

A word of warning on the F2000 Router.

As of about 2 weeks ago Eircom rolled out a firmware update (Firmware version:V100R001C59B035) that disables the user configurable Isolated Guest Wifi access functionality. This is most useful for allowing someone on your WIFI but they have no access to any devices in your LAN and is simple to setup.

What they are doing is creating there own cluster on Wifi networks on your modem, in your house or business that is accessible to individuals registered in the my eir portal.

https://www.eirmobile.ie/opencms/export/sites/default/.content/pdf/terms/eir_wifi_terms_and_conditions.pdf

I only found out when all the guest wifi config on my F2000 modem was disabled with no way to re enable it please be warned.

Anyone with a working generic firmware that I can flash to the modem giving me back charge of the device (Huawei HG659) appreciated?

pg17 · 19-04-2017 6:50pm

The recent firmware upgrade was discussed in other threads - in particular eir replied yesterday as follows

Eir: PamelaVerified representative

April 19 2017 14:20#15

[font=Open Sans, Arial, Helvetica, sans-serif]Hi All,[/font]

The recent firmware upgrade for the F2000 removed the Guest Wifi network and replaced it with the eir Wifi service. This service allows eir Customers to use these guest networks using their My eir credentials to log in.

For customers who do not want to avail of the eir Wifi service, we can offer an alternative firmware that will reinstate the configurable Guest Wifi Network, however, the eir F2000 modem will no longer support eir WiFi and VoBB functionality. This Firmware change will take 2-3 Working Days to complete and none of these changes will have any effect on your standard wifi network.

Our broadband technical support team will be more than happy to assist you with reinstating the configurable Guest Wifi Network. You can contact them directly on 1890260260 or freephone 1901 option 2.

Let me know if you need any further assistance.

Thanks,
[font=Open Sans, Arial, Helvetica, sans-serif]Pamela[/font]

[font=Open Sans, Arial, Helvetica, sans-serif]https://www.boards.ie/b/thread/2057715926#103253453[/font]

John Dough · 23-04-2017 8:49pm

I got the new modem and guest wi-fi was enabled so rang eir and they said they would turn it off but never happened!! so went in to the eir app and turned it off.:D

Now my problem is wi-fi dissapeering for times and sometimes have to reboot the router to get it back must be a box of sh** this router.

garra · 04-05-2017 2:53pm

andrewdeerpark wrote: »

A word of warning on the F2000 Router.

As of about 2 weeks ago Eircom rolled out a firmware update (Firmware version:V100R001C59B035) that disables the user configurable Isolated Guest Wifi access functionality. This is most useful for allowing someone on your WIFI but they have no access to any devices in your LAN and is simple to setup.

What they are doing is creating there own cluster on Wifi networks on your modem, in your house or business that is accessible to individuals registered in the my eir portal.

https://www.eirmobile.ie/opencms/export/sites/default/.content/pdf/terms/eir_wifi_terms_and_conditions.pdf

I only found out when all the guest wifi config on my F2000 modem was disabled with no way to re enable it please be warned.

Anyone with a working generic firmware that I can flash to the modem giving me back charge of the device (Huawei HG659) appreciated?

Hi Did you get a response to this post?

We are using same F2000 in work, we configure Port Forwarding on the device but we have had to re-configure it about 5 times in last couple of months.

Eircom must be pushing out lots of firmware updates, its a bloody pain in the ass having to re-configure it every time.

Is there a way to disable firmware updates or remote reboots of the device?

Packet · 04-05-2017 10:23pm

garra wrote: »

We are using same F2000 in work, we configure Port Forwarding on the device but we have had to re-configure it about 5 times in last couple of months.

Eircom must be pushing out lots of firmware updates, its a bloody pain in the ass having to re-configure it every time.

Is there a way to disable firmware updates or remote reboots of the device?

What firmware version do you have? Perhaps you aren't being firmware upgraded at all and something else is happening. It is listed under status information on the login screen. My Port Mapping rules weren't wiped going from B023 to B035, which was done in a single step.

garra · 05-05-2017 12:59pm

Packet wrote: »

What firmware version do you have? Perhaps you aren't being firmware upgraded at all and something else is happening. It is listed under status information on the login screen. My Port Mapping rules weren't wiped going from B023 to B035, which was done in a single step.

We have B035 version. We have checked that rebooting router does not wipe the Port Forwarding config. Nothing in the logs to suggest what is happening.

I will call Eircom, god help me. Thanks for info that your config does not get wiped with firmware updates, I am surprised to hear that.

Warning about the new F2000 modem supplied by Eircom with E-Fibre

Comments