[sdw2003] Anyone heard about this yet? Is this the router used in SD deployments?

Thaddeus Braun Thaddeus.Braun at taylorguitars.com
Mon Oct 26 15:12:22 PDT 2009


Gaping security hole in Time Warner cable routers

A gaping security hole in cable modems distributed to Time Warner/Road
Runner customers could potentially be exploited remotely to access
private networks and possibly capture and manipulate private data.

That's the warning issued by David Chen, a blogger and start-up founder
who discovered he could trivially access a customer's Time Warner
SMC8014 series cable modem/Wi-Fi router combo by simply disabling
JavaScript in the browser to access hidden features in the router's
admin interface.

Chen explains:

After poking around using the customer account, I found that access to
the admin features of the router has been disabled via JavaScript. You
heard me correctly, the web admin for the router simply uses a script to
hide certain menu options when the user does not have admin privileges.
By simply disabling JavaScript in the browser, I was able to access all
the features of the router. With that access, I am now able to change
the wifi settings, port-forwarding, etc.

One of the extra features found by Chen included an admin utility called
"Back Up Configuration File" that was essentially a text dump of the
router's configurations.

Upon examination of this file, I found the admin login & password in
plaintext.  Another issue which was alarming was the fact that by
default, the web admin is accessible from ANYWHERE on the internet.  By
running a simple port scan of Time Warner IP addresses, I easily found
dozens of these routers, open to attack.

This is a really serious issue for any Time Warner/Road Runner customer
running the SMC8014 router:

Now you can put two and two together and realize that this has
opened a gaping hole on every single Time Warner customer's network that
uses the SMC8014.  By forcing the customers to use only WEP encryption
on their wifi network, they are allowing anyone to penetrate the network
with ease.  Also by using a fixed format for the SSID, it's extremely
easy to tell which wifi network is using the device.  Once inside, anyone
can access the router's web interface and log in with the admin account.
What makes this even scarier is the fact that the web interface is
accessible from anywhere.  From within your own network, an intruder can
eavesdrop on sensitive data being sent over the internet and even worse,
they can manipulate the DNS address to point trusted sites to malicious
servers to perform man-in-the-middle attacks.  Someone skilled enough
can possibly even modify and install a new firmware onto the router,
which can then automatically scan and infect other routers
automatically.

Chen said he reported the issue to Time Warner and was told that nothing
could be done about the problem.  A spokesman for Time Warner told
Wired's Kim Zetter the issue is being fixed.

Thaddeus Braun 
IT Manager
Taylor Guitars
p: 619.258.1207
e: thaddeus.braun at taylorguitars.com
w: www.taylorguitars.com
"Stay active, stay healthy, stay balanced..."
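
Added example (not part of the original post, the quoted article, or the router's firmware): the design flaw described above, with the weak pattern beside a hardened one that enforces the role on the server, masks secrets in the configuration backup, and refuses WAN-side admin requests by default. All route names, function names and config values are hypothetical and constructed for illustration.

```javascript
// Constructed sample configuration; values are placeholders, not device data.
const CONFIG = {
  ssid: "EXAMPLE-SSID",
  admin_user: "admin",
  admin_password: "placeholder-secret",
  remote_admin: false, // corrected default: no admin UI from the internet
};

// Hypothetical admin pages and the minimum role each one requires.
const ROUTES = {
  "/status": "customer",
  "/wifi": "admin",
  "/port-forwarding": "admin",
  "/backup-config": "admin",
};
const RANK = { customer: 1, admin: 2 };
const SECRET_KEYS = /password|passphrase|secret/i;

// Weak pattern from the post: every page is served to any logged-in user and
// a script in the page hides the admin menu. With scripts off, nothing is hidden.
function handleWeak(session, path) {
  if (!session || !(path in ROUTES)) return { status: 404 };
  return { status: 200, hideMenuViaScript: session.role !== "admin" };
}

// Backup export with secrets masked, so the dump never carries credentials.
function exportConfig(config) {
  return Object.fromEntries(Object.entries(config).map(
    ([k, v]) => [k, SECRET_KEYS.test(k) ? "********" : v]));
}

// Hardened: the role is checked on every request, on the server, and
// WAN-side requests are refused unless remote admin was explicitly enabled.
function handleHardened(session, path, fromWan, config = CONFIG) {
  if (!(path in ROUTES)) return { status: 404 };
  if (fromWan && !config.remote_admin) return { status: 403, reason: "wan" };
  if (!session) return { status: 401 };
  const rank = RANK[session.role] || 0; // unknown roles get no access
  if (rank < RANK[ROUTES[path]]) return { status: 403, reason: "role" };
  const body = path === "/backup-config" ? exportConfig(config) : null;
  return { status: 200, body };
}
```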


