cancel
Showing results for 
Search instead for 
Did you mean: 

2wire Bt 1800 /BT1801 hg vulnerabilities

MrSmith
Dabbler
Posts: 10
Registered: ‎26-10-2007

2wire Bt 1800 /BT1801 hg vulnerabilities

Having been with Pn for a number of years and doing more on line gaming, I decided to upgrade to BByw Pro.
I asked for the free wireless router thinking that I was going to get a Bt Voyager. when I received the Bt 1801 Hg
i was a bit concerned as i remember reading about incidents of 2wire routers having security issues and that there was major incidents in Mexico. Shocked
Please see this link from Security Focus http://www.securityfocus.com/bid/27246/info
Ok so "To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI"
but as this states
2Wire Routers Cross-Site Request Forgery Vulnerability
Bugtraq ID: 27246
Class: Design Error
CVE: CVE-2007-4389
Remote: Yes
Local: No
Published: Aug 15 2007 12:00AM
Updated: Jan 31 2008 07:57PM
Credit: hkm@hakim.ws and Eduardo Espina García are credited with the discovery of this vulnerability.
Vulnerable: 2Wire 2071 Gateway 5.29.51
2Wire 2071 Gateway 3.17.5
2Wire 2071 Gateway 3.7.1
2Wire 1800HW 5.29.51
2Wire 1800HW 3.17.5
2Wire 1800HW 3.7.1
2Wire 1701HG 5.29.51
2Wire 1701HG 3.17.5
2Wire 1701HG 3.7.1
What i am asking is anybody at Pn aware of this situation and if so should these routers be available to us and those that have be replaced?  Undecided
3 REPLIES
MrSmith
Dabbler
Posts: 10
Registered: ‎26-10-2007

Re: 2wire Bt 1800 /BT1801 hg vulnerabilities

Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: 2wire Bt 1800 /BT1801 hg vulnerabilities

Did you try a search on the BT Voyager kit?... The reality is that most of the manufacturers in the market have been subject to some potential exploits and there comes a point where one has to make a call when looking at these things, especially in terms of the potential impact. This type of vulnerability is quite common in CPE and relies entirely on users not changing the default password for the admin area once they get the kit. The 2wire modems are actually some of the most secure I've seen generally, and the particular report is quite old now and hasn't been attempted as far as I know on anything but the Mexican ISP mentioned there.
That said, security is beyond critical and I will be happy to take more of a look into this, as well as asking 2wire to check the firmware we are using and see if there is anything we need to do. Furthermore, that particular unit is reaching the end of it's natural life anyway, although it's still a good bit of kit in my opinion. Just make sure you've set an admin password and enjoy the router - I find the wireless coverage especially is a vast improvement over any other 802.11g kit I've tested, and I'm still using my own sample unit at home.
Ian
MrSmith
Dabbler
Posts: 10
Registered: ‎26-10-2007

Re: 2wire Bt 1800 /BT1801 hg vulnerabilities

Thanks Ian for your reply. I only knew of any incident when i picked up my issue of Computer Shopper after receiving the (2wire) Bt 1801hg from yourselves. The thing is I have set it up fine , with changing the password  Wink( which in default isnt on) but as the article suggests "updating to the latest firmware", I have tried with no success as basicly I dont know what I am doing! Cheesy
I would be very interested in any response you have from 2wire & any advice you have,,, Thanks v. much Paul.
Btw if this is any help
model          :BT1801HG
Software Version:  3.17.7
ps I havnt included the serial number for obvious reasons