Plusnet Hub One needs security fix
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Re: Plusnet Hub One needs security fix
Plusnet Hub One needs security fix
04-05-2018 9:27 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hello
Yesterday researchers posted a security flaw that allows fibre broadband routers to be accessed without a username and password. I am curious as to whether anyone else is experiencing this problem.
Reference see SCMagazineUK with the article on 'Millions of fibre broadband routers open to remote control by hackers'.
If you access your router by typing in the URL as in 192.168.1.1 or 192.168.1.254 or whatever it is and append this: ?images/ to the end, it gives anyone instant access. This is a huge security hole and wonder when this will be fixed.
For example, going to 192.168.1.1?images/ or 192.168.1.254?images means that users who should not be able to access the router without a password could click on 'Disconnect' or 'Configure'. Advanced Settings are still protected by a password (provided people have set this up), but this means if anyone accesses their router over the internet (which you shouldn't do anyway) or uses it in a work environment or other place where it is not one's specific family who access the network, then hackers can easily manipulate the router to their own advantage.
When can we expect an update to the firmware to resolve this security hole?
Re: Plusnet Hub One needs security fix
04-05-2018 9:37 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There appears to be nothing related to.the hub one. Just routers in Mexico, Vietnam and Kazakhstan primarily. Made by a router manufacturer that isn't the people who make the hub one .
Re: Plusnet Hub One needs security fix
04-05-2018 9:43 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet Hub One needs security fix
04-05-2018 9:45 AM - edited 04-05-2018 9:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This vulnerability reportedly affects GPON devices, so I'm not entirely sure what router(s) you're referring too?
It certainly doesn't affect the Hub One.
Edit: others beat me to it
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Plusnet Hub One needs security fix
04-05-2018 9:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Moderator's note:
Moved from Fibre Broadband to My Router.
Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still
Re: Plusnet Hub One needs security fix
04-05-2018 10:03 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for the reference. Who makes the Plusnet Hub One?
Re: Plusnet Hub One needs security fix
04-05-2018 10:05 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Obviously 192.168.x.x wouldn't be accessible directly but one could setup a router to access web servers and such using services like DynDNS and others to direct internet traffic to the router. As I mentioned, it's foolish to be able to setup a dynamic DNS to one's own network to tweak router settings, but some people do. The 192.168.x.x would be masked to the internet IP address whatever that is.
Re: Plusnet Hub One needs security fix
05-05-2018 12:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Even if somebody does have access to the local network, browsing to the Hub One using https://192.168.1.254?images/ does nothing to bypass the admin password.
The device is manufactured by Sagemcom.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Re: Plusnet Hub One needs security fix