TP-Link routers vulnerable to online attack


Xircal

Write it down? On paper?

It's 2015, and you're using a computer. Take a screenshot of the config page. Save it somewhere. Job done.

No, not necessarily on paper, I never said that. Screenshot could be printed, or your method used, only if saved in multiple places in case one breaks down. I have a file that contains all my passwords, user names, router details, programs used, masses of stuff. It's on my PC, my phone, my tablet, and in an email box. Gets updated about once a week from notes on scrap paper taken during the week.

That's where I do my writing down.

I know that in some places it is CE2015 thank you but this is Thailand so it is BE2558.

Edited by Keesters

But if your router goes kaput, the backup made on the old one does not always work as a restore on the new one. That happened to me. I was forced to change brands of router. Write it down. Even if you have it saved on your PC, that can fail at any time. Write it down.

If your router's gone "kaput" and your PC fails, I don't suppose you'll be that worried about your Internet settings for a while.


**Some** ISPs actually use TR-069 CPE WAN Management Auto Configuration Agent that will 'request' the account provisioning data on a working line and auto-populate the WAN side router.

I discovered that TOT allows TR-069 when self-replacing an ADSL2+ TP-Link WiFi router with an off-the-shelf purchase.

The documentation TOT left me was written incorrectly and left out critical settings. Looking at the setup options, I saw the TR-069 option and was curious. Using that, it auto-populated everything required for the WAN side, leaving me to complete the LAN side. Nice.


But if your router goes kaput, the backup made on the old one does not always work as a restore on the new one. That happened to me. I was forced to change brands of router. Write it down. Even if you have it saved on your PC, that can fail at any time. Write it down.

If your router's gone "kaput" and your PC fails, I don't suppose you'll be that worried about your Internet settings for a while.

1 day. That's how long it would take to replace both pieces of equipment.

If it's just a hard drive that's gone bad. 1 hour to buy. 35 minutes to restore.

Piece of cake.


**Some** ISPs actually use TR-069 CPE WAN Management Auto Configuration Agent that will 'request' the account provisioning data on a working line and auto-populate the WAN side router.

I discovered that TOT allows TR-069 when self-replacing an ADSL2+ TP-Link WiFi router with an off-the-shelf purchase.

The documentation TOT left me was written incorrectly and left out critical settings. Looking at the setup options, I saw the TR-069 option and was curious. Using that, it auto-populated everything required for the WAN side, leaving me to complete the LAN side. Nice.

Interesting stuff. And it looks like TOT did you a favor in getting the documentation wrong. First time of hearing something good about them.


**Some** ISPs actually use TR-069 CPE WAN Management Auto Configuration Agent that will 'request' the account provisioning data on a working line and auto-populate the WAN side router.

I discovered that TOT allows TR-069 when self-replacing an ADSL2+ TP-Link WiFi router with an off-the-shelf purchase.

The documentation TOT left me was written incorrectly and left out critical settings. Looking at the setup options, I saw the TR-069 option and was curious. Using that, it auto-populated everything required for the WAN side, leaving me to complete the LAN side. Nice.

Can't say I'm ecstatic about TP-Link - when vulnerability alerts for routers are announced, their name is usually on the list.

Don't touch D-Link either.


**Some** ISPs actually use TR-069 CPE WAN Management Auto Configuration Agent that will 'request' the account provisioning data on a working line and auto-populate the WAN side router.

I discovered that TOT allows TR-069 when self-replacing an ADSL2+ TP-Link WiFi router with an off-the-shelf purchase.

The documentation TOT left me was written incorrectly and left out critical settings. Looking at the setup options, I saw the TR-069 option and was curious. Using that, it auto-populated everything required for the WAN side, leaving me to complete the LAN side. Nice.

Can't say I'm ecstatic about TP-Link - when vulnerability alerts for routers are announced, their name is usually on the list.

Don't touch D-Link either.

Nothing wrong with D-Link except True ADSL breaks them after a few months. 3BB doesn't.


2 Feb 2015 at 21:20, John Leyden

D-Link router DSL-2740R, and possibly more like it, are allegedly vulnerable to DNS hijacking – which hackers can exploit to lure victims to dodgy websites and servers.

According to Bulgarian security researcher Todor Donev, the flaw lies in certain builds of ZyXEL's ZyNOS firmware, which is used in network hardware from TP-Link Technologies, ZTE and D-Link. The affected kit is aimed at homes and small businesses.

Routers running the vulnerable software expose their internal web servers to the open internet, Donev claims, and allow anyone to remotely configure the devices without having to log in. An attacker just needs a victim's public IP address – which can be found by scanning the net – and fire off a HTTP request along the lines of:

It sounds very similar to the vulnerabilities found in ADB Pirelli routers last month.

Donev went public about the D-Link vulnerability without notifying the affected vendors.

And I have a D-Link DIR-825 on my bench that I pulled from a client a month ago with the DNS servers changed to St. Petersburg. I opened a thread on it.

Edited by Chicog

Security Suite vendors really need to add a DNS check and verify routine.

Or preferably make it impossible to modify the DNS with a crafted HTTP request!

You're trying to take all the fun out of hacking and social engineering.


Security Suite vendors really need to add a DNS check and verify routine.

Or preferably make it impossible to modify the DNS with a crafted HTTP request!

You're trying to take all the fun out of hacking and social engineering.

I prefer to think of it as trying to stop Russian organised crime emptying people's bank accounts.


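A client-side take on the "DNS check and verify routine" suggested in the thread, added here as an example and not code from any poster or vendor: it reads resolv.conf-style text and flags resolvers that are neither on an allowlist nor on the LAN. The `EXPECTED` ranges and the `SAMPLE` input are constructed placeholders (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use (documentation
# ranges as placeholders; substitute the addresses your ISP publishes).
EXPECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:53::/64")]
# LAN-side addresses: the router or a local stub resolver answers for these,
# so the upstream servers have to be checked on the router's own WAN page.
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def _in(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)

def classify(entry):
    """Return 'expected', 'local-forwarder', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(entry.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if _in(addr, EXPECTED):
        return "expected"
    if _in(addr, LOCAL):
        return "local-forwarder"
    return "unexpected"

def audit(resolv_conf_text):
    """Classify every nameserver line of resolv.conf-style text."""
    results = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            results.append((fields[1], classify(fields[1])))
    return results

def needs_attention(results):
    """True when any resolver is unexpected or cannot be parsed."""
    return any(verdict in ("unexpected", "invalid") for _, verdict in results)

SAMPLE = """\
# constructed sample, not taken from a real device
nameserver 192.168.1.1
nameserver 203.0.113.66
nameserver 192.0.2.1
nameserver fe80::1%eth0
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{server:20} {verdict}")
```

A `local-forwarder` verdict only says the client is pointed at the router; the DNS servers the router itself forwards to still have to be compared against the same allowlist on its WAN or DHCP settings page.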