
Alert: Major vuln in eircom F1000/F2000 routers

  • 11-09-2015 3:26pm
    #1
    Registered Users, Registered Users 2 Posts: 1,034 ✭✭✭


    As posted here:
    http://www.boards.ie/vbulletin/showthread.php?p=96968297#post96968297

    If you have remote management turned on in any form on these routers (Telnet, web, ssh) disable it immediately.

    Eircom include a secret account and login with these routers that leave them vulnerable to remote firmware flash, etc.

    I found this master login simply by dumping my home F1000 router config:

    WxQgfsQ.png

    I have confirmed as exploitable in the wild. I am led to believe that the F2000 is vulnerable too.


    EDIT: To clarify, the password on the zyuser account is the same for every F1000


Comments

  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Not in the least surprised given eircom's track record.


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_


    No sign of Talk To lot coming in to this one...Post this over in their Forum.


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    Great - guess what kind of router I have? I have disabled Wifi and put in bridge mode.. am I safe? I don't see options for ssh or Telnet on admin page..


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    anvilfour wrote: »
    Great - guess what kind of router I have? I have disabled Wifi and put in bridge mode.. am I safe? I don't see options for ssh or Telnet on admin page..

    I'd be happy to pen test it for you.


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    syklops wrote: »
    I'd be happy to pen test it for you.

    I'll treat you to dinner and a show first! :-D


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    anvilfour wrote: »
    I'll treat you to dinner and a show first! :-D

    Which show?

    I'd love to see Cats in real life. I know all the songs!


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    syklops wrote: »
    Which show?

    I'd love to see Cats in real life. I know all the songs!

    All alone in the moooonlight... :)


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    anvilfour wrote: »
    All alone in the moooonlight... :)

    I always liked Jennyanydots


  • Registered Users, Registered Users 2 Posts: 1,034 ✭✭✭dalta5billion


    Firmware update within next two weeks for F1000. F2000 not affected according to eircom.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Firmware update within next two weeks for F1000. F2000 not affected according to eircom.
    Did they let you know if the firmware just changes the hardcoded credentials or does it also change the fact that their management port is open to the world?


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    This is really worrying, I have put the router into bridge mode for now as stated above and am connecting via cable though not sure how much more secure this will actually make me given the ports are vulnerable!

    Is there any reason we can't just buy a new modem and use that to connect to Eircom instead?

