Insecure Cable networks ?

Jorge Amodio jmamodio at
Sat Feb 6 02:43:10 UTC 2010

Is it a common practice on cable network providers to leave access
to the cable modem/router management web UI wide open ?

Here is the scoop. I heard about it but didn't experienced it hands on
or seen myself until recently when I was testing one of the embedded
TCP/IP boards I produce which as many other IP gadgets has a mini
HTTP server which I access just typing the IP address of the thing.

In my home lab an IPv4 address on 10/8, not very uncommon I
screwed up and made a typo on the IP address and ended on a
different device web UI, an Ambit cable modem

Hmmm my modem is from Toshiba, I tried the default factory
password, it worked !!, not only that, this thing is several cities
hundreds of miles away from here .. ehhh ?

fired nmap, tried several 10/24 networks and just playing by hand
found hundreds of devices and every single one I tried default password
it worked, not only modems, also modem/routers and some with
integrated VoIP where if I wanted I would have been able to change
provisioning configuration, channel scanning, browse through the call
manager logs and see who's calling or being called, etc.

Isn't this a huge security hole ?

It wont take much for a kiddie to write a very simple script to drive
crazy the noc guys taking down pieces of the network here and there ...

If a grownup from TWC/RR wants to get more specifics feel free to
contact me.


More information about the NANOG mailing list