February 20, 2006

USR is backstabbing me…

Posted in Computers at 1:04 pm by pmatos

Being security an extremely important issue these days I was not expecting this kind of backstab by USR. A year ago I bought a US Robotics router, specifically U.S. Robotics Broadband Router (Model # 8003 , 1.04 13 ). The firmware version was 1.04.08 at the time but I have updated it to the last version. Still I’ve been having some problems:

  • Whenever my brother leaves his PC on downloading during the night for hours and hours long the router decides to stop working so when I get up and wish to connect I usually need to reboot the router.
  • Lately, I’ve started to play with webservices and I had to do some forwarding on some ports and play with the firewall, in the Virtual Servers sections… What a mess… First, the interface is extremely ugly with a very bad design and… it doesn’t work… One can easily check that through GRC.
    As solution I added my PC as a DMZ, leaving it wide open to the internet and then started to use Shorewall (a layer above iptables to make stuff easier to configure). And now… it’s working great! Damn, I hate that router… if you want something done correctly, do it yourself!

But this I was not expecting… Out of curiosity I checked the source of the page generated by the router interface and:

function submitF(F)
{
var loginflag,loginIP;
var pwd;

loginflag = 0;
loginIP = "0.0.0.0";

pwd = "xxxxxxxxx" ;

if (loginflag == 1)
{
alert("Someone ( " + loginIP + " ) has logged in as an administrator !");
F.submit();
}

if ( F.PSW.value != pwd )
{
alert("Incorrect password!");
F.submit();
}
F.submit();
}

WHERE THAT “xxxxxxxx” IS EXACTLY THE PLAIN TEXT OF MY PASSWORD?!?!?!?!?!

Probably not many people try to access the interface of my router from the outside but still, anyone inside the LAN can do that, i.e., my family. Still, that’s my password for everything and as much as I like my family I don’t want them playing around with my personal stuff! USR never more!

1 Comment »

  1. Nós temos um Linksys WRT54G que tem funcionado lindamente nos ultimos meses, usando um dos firmware malucos da Sveasoft.
    Á dias compramos um Netgear WG614 (€50, why not), na esperança que um sistema não patchado e out-of-box pudesse ser mais rápido que o linux – o linksys não dá os 54Mb/s, nem nada que se pareça, e olhando para o top, 50% vai para o pppoe e 50 para o processo da wireless.

    Fracasso total!

    Ao fim de algum tempo (maximo que consegui foram 4 horas), o router da netgear crasha. Ao fim de metade desse tempo, a nat connection track passa-se completamente e o port forward deixa de funcionar.

    Fiz rollback para o linksys :)


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: