Chen found that this also could be done remotely, thanks to a feature that enables admin access from any Internet-connected machine.
Now you can now put two and two together and realize that this has
opened a gaping hole on every single Time Warner customer’s network
that uses the SMC8014. By forcing the customers to use only WEP
encryption on their wifi network, they are allowing anyone to penetrate
the network with ease. Also by using a fixed format for the SSID, it’s
extremely easily tell which wifi network is using the device. Once
inside, anyone can access the router’s web interface and login with the
admin account. What makes this even scarier, is the fact that the web
interface is accessible from anywhere. From within your own network,
an intruder can eavesdrop on sensitive data being sent over the
internet and even worse, they can manipulate the DNS address to point
trusted sites to malicious servers to perform man-in-the-middle
attacks. Someone skilled enough can possibly even modify and install a
new firmware onto the router, which can then automatically scan and
infect other routers automatically.
Chen said he contacted Time Warner officials about the vulnerability and was told that the company knew about the problem but was unable to do anything about it. Kim Zetter of Wired’s Threat Level blog reports that Time Warner is working on the problem, and says that only a small number–about 65,000–of its customers have the SMC8014 modems.