There’s a rudimentary vulnerability in a cable modem/wireless router installed in tens of thousands of homes by Time Warner that could enable an attacker to get full access to the router quite easily. The vulnerability, which was discovered and disclosed recently by a blogger named David Chen, is in the SMC8014 series of cable modems, which Time Warner installs in some of its cable customers’ homes. The flaw lies in the way that the modem and router is configured. As Chen was trying to help a friend reconfigure his modem, he noticed that the admin interface was protected by nothing more than a piece of JavaScript code. By disabling JavaScript in his browser, Chen was able to access the admin features and take complete control of the modem.
Chen found that this also could be done remotely, thanks to a feature that enables admin access from any Internet-connected machine.
Now you can now put two and two together and realize that this has
opened a gaping hole on every single Time Warner customer’s network
that uses the SMC8014. By forcing the customers to use only WEP
encryption on their wifi network, they are allowing anyone to penetrate
the network with ease. Also by using a fixed format for the SSID, it’s
extremely easily tell which wifi network is using the device. Once
inside, anyone can access the router’s web interface and login with the
admin account. What makes this even scarier, is the fact that the web
interface is accessible from anywhere. From within your own network,
an intruder can eavesdrop on sensitive data being sent over the
internet and even worse, they can manipulate the DNS address to point
trusted sites to malicious servers to perform man-in-the-middle
attacks. Someone skilled enough can possibly even modify and install a
new firmware onto the router, which can then automatically scan and
infect other routers automatically.
Chen said he contacted Time Warner officials about the vulnerability and was told that the company knew about the problem but was unable to do anything about it. Kim Zetter of Wired’s Threat Level blog reports that Time Warner is working on the problem, and says that only a small number–about 65,000–of its customers have the SMC8014 modems.