February 20, 2006
USR is backstabbing me…
With security being an extremely important issue these days, I was not expecting this kind of backstab from USR. A year ago I bought a US Robotics router, specifically a U.S. Robotics Broadband Router (Model # 8003, 1.04 13). The firmware version was 1.04.08 at the time, but I have updated it to the latest version. Still, I’ve been having some problems:
- Whenever my brother leaves his PC on downloading during the night for hours and hours, the router decides to stop working, so when I get up and want to connect I usually need to reboot the router.
- Lately, I’ve started to play with web services and I had to do some forwarding on some ports and play with the firewall, in the Virtual Servers section… What a mess… First, the interface is extremely ugly with a very bad design and… it doesn’t work… One can easily check that through GRC.
As a solution I added my PC as a DMZ, leaving it wide open to the internet, and then started to use Shorewall (a layer above iptables to make stuff easier to configure). And now… it’s working great! Damn, I hate that router… if you want something done correctly, do it yourself!
But this I was not expecting… Out of curiosity I checked the source of the page generated by the router interface and:
loginflag = 0;
loginIP = "0.0.0.0";
pwd = "xxxxxxxxx" ;
if (loginflag == 1)
    alert("Someone ( " + loginIP + " ) has logged in as an administrator !");
if ( F.PSW.value != pwd )
WHERE THAT “xxxxxxxx” IS EXACTLY THE PLAIN TEXT OF MY PASSWORD?!?!?!?!?!
Probably not many people try to access the interface of my router from the outside, but still, anyone inside the LAN can do that, i.e., my family. Still, that’s my password for everything, and as much as I like my family I don’t want them playing around with my personal stuff! USR never again!