COMMAND

    Gateway Modem

SYSTEMS AFFECTED

    Telocity's "Gateway Modem"

PROBLEM

    Kras  Hish  found  following.   Telocity  provides  DSL  to  their
    customers through what they call the Telocity "Gateway Modem".  In
    the modems, you  can connect to  them through your  web browser to
    view  usage  statistics,  your  assigned  IP,  the  DHCP server IP
    (Modems  IP),  Management's  IP  (Modem's  IP,  different than the
    previous), DNS IP, and the hardware software version information.

    In the  older model  modem, it  is possible  to remotely  view the
    "Details"  section  of  the  modem,  thus  reveling  all the above
    mentioned  information  to  a  possible  intruder.   Telocity  has
    numbered  their  gateways  in  sequential  order,  so  it would be
    possible   to   write   a    script   that   would   search    for
    http://123.123.123.1/stats in a range of addresses.  Of course  is
    the ever interesting URL http://123.123.123.1/admin which  prompts
    you for a username/password combo to access what? (any information
    on this would be great).

    The modems with the following are vulnerable:
    - Manuf. Date: August 3, 1999
    - Hardware: v02.00.02.00
    - OS Release: v01.02.13.02

SOLUTION

    Newer modems give a 403 Forbidden error.