Thomson TG585 security issue

petejackson
Grafter
Posts: 691
Registered: ‎12-04-2007

Re: Thomson TG585 security issue

Some customer emails were sent linking to the support library: http://community.plus.net/library/browsing/changing-the-default-password-on-a-thomson-585v7/
and some sent linking to our www support pages: http://www.plus.net/support/broadband/hardware/t585v7_changepass.shtml
(We created a new support page since there appears to be a software glitch on the beta Support Library).
In both cases we neglected to point out that, once a new router admin password is set, you need to log in with Administrator as the router's username. This has caused a number of calls to the CSC this evening and has now been fixed.
We have also added advice pointed out by Jim earlier in this thread about not responding to unexpected requests to enter router username and password when browsing web pages.

Thank you for your feedback - we'll update as much and as quickly as we can based on your comments and feedback.
petejackson
Grafter
Posts: 691
Registered: ‎12-04-2007

Re: Thomson TG585 security issue

Our CSC are taking calls from customers whose password has already been set.  We are therefore adding the following text to our support pages.  This will appear in a highlighted box at the top of the page.
If you got your router before Dec 2008 you shouldn't need to take any action.
If you visit http://192.168.1.254/ and are prompted for a username and password then the security flaw does not apply to you. You are already safe from the reported vulnerability and you need not take any action.
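
The check quoted in the post above (request http://192.168.1.254/ and see whether a username and password challenge comes back) can be scripted. The following Python is an added example, not part of the thread or of Plusnet's support pages; the function names and the sample responses are constructed for illustration.

```python
import socket

def classify_response(raw: bytes) -> str:
    """Return 'protected', 'open' or 'unknown' for a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "unknown"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status == 401 and "www-authenticate" in headers:
        return "protected"   # a browser would show the username/password box
    if 200 <= status < 300:
        return "open"        # admin page served without any credentials
    return "unknown"         # redirects, errors, odd replies: inspect by hand

def probe(host="192.168.1.254", port=80, timeout=3.0) -> str:
    """Send one unauthenticated GET / to the router and classify the reply."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_response(data)

# Constructed sample replies (not captured from a real router; the
# authentication scheme and realm shown here are made up).
SAMPLE_PROTECTED = (b"HTTP/1.0 401 Authorization Required\r\n"
                    b'WWW-Authenticate: Basic realm="router"\r\n\r\n')
SAMPLE_OPEN = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    print("constructed 401 sample:", classify_response(SAMPLE_PROTECTED))
    print("constructed 200 sample:", classify_response(SAMPLE_OPEN))
```

Run `probe()` from a machine on the router's own LAN; "protected" corresponds to the case the post describes as needing no action.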

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Thomson TG585 security issue

What is the nature of the problem - does it apply to non-Thomson routers which have a browser-remembered user/password?
This is in a situation where the password has been changed from the default.

"In The Beginning Was The Word, And The Word Was Aardvark."

SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Thomson TG585 security issue

It would only affect you if you clicked on OK when the Authentication dialogue box pops up.
petejackson
Grafter
Posts: 691
Registered: ‎12-04-2007

Re: Thomson TG585 security issue

Quote from: Crucibleofevil
What is the nature of the problem - does it apply to non-Thomson routers which have a browser-remembered user/password?

The reported potential security flaw is known as a Cross-Site Request Forgery (CSRF). The issue is known to affect both the O2 Wireless Box II and III and Thomson TG585 and TG585n router modems. If customers have previously set a password for the default Administrator username then we understand that they would be secure from the potential flaw. It's important to realise that this issue has been demonstrated but we understand that it is not in the 'wild'. For the exploit to work you'd need to visit an infected webpage on the Internet and we do not believe there are any (as yet). As ever, safe surfing, using a good firewall and anti-virus software and regularly changing your passwords are to be advised. We have emailed our customers because we feel it's important that we do what we can to make sure we keep you as informed and safe from potential risks as we can. It is not reported that any other routers have been demonstrated to be vulnerable to similar exploits.
gleneagles
Aspiring Legend
Posts: 11,105
Thanks: 2,459
Fixes: 17
Registered: ‎02-08-2007

Re: Thomson TG585 security issue

Peter Jackson's post is essential reading, unfortunately it was not included in Plusnet's e-mail......... fortunately I didn't start fiddling around with any settings and clicking on this link takes me to a box asking for user name and password, so I do not need to take any action!
I think it essential that Plusnet get another e-mail out to customers with this link so at least some people will be reassured they have to take no action.
Equally all credit to Plusnet for advising us about this possible problem.
We are born into history and history is born into us.
petejackson
Grafter
Posts: 691
Registered: ‎12-04-2007

Re: Thomson TG585 security issue

Thanks for that Gleneagles.  I've had my team update our support pages today with the info that you refer to:
http://www.plus.net/support/broadband/hardware/t585v7_changepass.shtml
http://community.plus.net/library/browsing/changing-the-default-password-on-a-thomson-585v7/
You're right to say the email should've had the info but I'm hoping that the information now on the support page should put our customers' minds at ease - provided that pop-up box appears of course!
Important to realise that you should never type in that username and password unless you're expecting it.  That's why we say don't let your browser save the password.
fox65
Grafter
Posts: 28
Thanks: 2
Registered: ‎06-09-2009

Re: Thomson TG585 security issue

Hi, I am a new member here in the community and need a little help. Up to a few days ago I was able to get into my router details with no trouble, now when entering http://192.168.1.254/ I am asked for username and password. Whatever I type in it does not get me further than the box, am I doing something wrong? And why was I able to get into the router before with no trouble and yet not able to do so now? I am on the Internet ok, just not able to get into my router details. Hope I have made this plain as I know very little about routers and just a little about computers. Any help would be most welcome, fox
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Thomson TG585 security issue

Unless you have changed something, the username is Administrator (note the capital A) and the password is blank - don't type anything, just press enter.
fox65
Grafter
Posts: 28
Thanks: 2
Registered: ‎06-09-2009

Re: Thomson TG585 security issue

Thank you, I will give that a try.
fox65
Grafter
Posts: 28
Thanks: 2
Registered: ‎06-09-2009

Re: Thomson TG585 security issue

No, that did not work. As far as I know I have not done anything this end; when removing the box I end up with HTTP/1.0 401 Authorization Required, fox
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Thomson TG585 security issue

If you really want to access it you are probably going to have to do a hard reset but then you will need to put all the Plusnet info back in.
Just as a quick check before doing that can you try to telnet into it - if you don't know how to do that the instructions here will help http://community.plus.net/library/hardware/how-to-change-the-default-dns-servers-in-a-thomson-speedt...
artmo
Aspiring Champion
Posts: 19,524
Thanks: 421
Registered: ‎12-08-2007

Re: Thomson TG585 security issue

Jim, is the password just admin rather than the full word?  It is on the D-Link router.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Thomson TG585 security issue

I was assuming we are talking about a Thomson SpeedTouch router from the address being used to access it. The login and password aren't the same as a D-Link or a Netgear as another example.
fox65
Grafter
Posts: 28
Thanks: 2
Registered: ‎06-09-2009

Re: Thomson TG585 security issue

OK I have tried the telnet, same problem, invalid username and password, I type in Administrator and leave the password blank, fox