PDA

Visualizza versione completa : Modem Ericsson hm220dp...?


Mc|Atm0s
15-03-2006, 21.13.25
Ciao ragazzi! Ho comprato un modem ericsson 220 dp con interfaccia ethernet (da sostituire al mio che ha solo interfaccia usb). Ho letto in giro che possibile trasformare questo apparecchio in router tramite modifica del firmware. Ne sapete qualcosa? Qualcuno di voi ha avuto esperienza con questo apparecchio?
Se sapete qualcosa fatemelo sapere!

Io ho questi due link...

http://spazioinwind.libero.it/zaccasoft/3hm220dp4all/main.htm

http://www.geocities.com/area51/shire/2661/

Mc|Atm0s
17-03-2006, 17.14.32
:confused: allora? nessuno sa dirmi qualcosa su questo modem? :confused:

Mc|Atm0s
18-03-2006, 13.39.16
...:confused:

Ho trovato questo documento, pero' nn riesco a scaricare il fix. Azz.
Qualcuno ha questo maledetto apparecchio?

SYSTEMS AFFECTED ========
DSL Modem Ericsson HM220dp

CONTENTS =========
Subject: DSL Modem Ericsson HM220dp Exploit
Date: February 22, 2004
Risk: Moderate

DESCRIPTION =========
This is the natural consequence of the following security flaw:

http://www.secunia.com/advisories/8057/
http://www.securityfocus.com/bid/6824/info/

The Ericsson HM220dp DSL modem/router provides no authentication for his Web Administration panel. So, a malicious user can access the panel and change settings on a local network.

I discovered another serious implication of this bug: the vulnerability can be exploited also throughout a web page, this means that a script contained in a malicious web site (or e-mail) can modify the modem configuration; is also possible to interrupt the modem connection.

WORKAROUNDS ========
By changing the modem's default IP address (192.168.254.254) the exploit cannot work. In order to patch the flaw Ericsson also provided the following update:

http://www.wii.ericsson.net/xdslterminals/files/CXC_132_2094-R3F.exe
http://www.wii.ericsson.net/xdslterminals/files/Readme_Instruction_HowTo_update.
txt

CREDITS =========
Vulnerability found by Roberto Dapino, Italy. roberto(at)xdesign.it