[olug] SMC 7004FW
Rob Townley
rob.townley at gmail.com
Thu Jul 8 07:17:02 UTC 2004
For those of you that have a SMC 7004FW, 7008ABR or some other
Barricade series soho router:
A remote admin page is open to the internet by default on port 1900.
So, from the internet,
opening up http://YourInternetIpAddress:1900/ web page brings you to
the logon page for your router. If you did not set a password, your
router is wide open. This hole is even there if Remote Administration
is turned off and UPnP is turned off (1900 is the SSDP part of UPnP).
Power off/on your router before testing because this flaw disappears
under some configurations until a power reset.
The way to fix it seems to be
- enable the firewall - it is off by default
- forward port 1900 to an unused IP address
- the latest firmwares 2.15t2 and 2.16 both exhibit this hole
For further details, a discussion can be followed at
BroadBandReports.com via the following google search:
site:www.BroadBandReports.com SMC 1900 SMC7008ABR's remote administration hole?
SMC was aware of this issue in the 7008ABR back in April and i heard
they fixed it with the latest firmware. I informed them of the
problem with the 7004FW today.
Robert Townley
More information about the OLUG
mailing list