It took me a while to get an answer from 2wire but i eventually received one this morning.
"Response by Robert T.: on 06-10-2008 11:33 am
It is a hotfix to fix security vulnerability As soon as we became aware of the issue; we expeditiously implemented a permanent solution with our partners to close the vulnerability."
Good news. ;D i'm running the SBC firmware, has anyone running BT firmware received this update yet?
If you look in /mdc under System summery, Components, it should show as "generic.hotfix: 124665"
Nothing here, Ted, on twin SSID, BT firmware.
I have that on my SBC model, Ted.
My BT and Singtel versions are not showing the Hotfix.
The BT 2700HGVs that are being used with other ISPs have been abandoned by BT and no longer check for updates on a valid web address.
So, is this something to worry about, and is there a solution?
I don't know whether there's a solution, Simon, but I don't regard the risk as high.
Me either.
Quote from: Simon on Jun 11, 2008, 11:31:36
So, is this something to worry about, and is there a solution?
If you are concerned, alter the router IP address away from 192.168.1.254; then change
home, gateway and
gateway.2wire.net to 127.0.0.1 in the Hosts file for each PC on the LAN.
After that they will be hard pushed to find the router to make the changes !
What would be ideal is a downloadable patch from 2wire, as its "generic" it ought to work on any firmware?
I'll have a word with "my mate" Robert T at 2wire support and see what's possible. I can already hear the laughing across the pond!!
i wonder would it be possible to point the Dual routers at the 2wire provisioning server?
Quote from: kinmel on Jun 11, 2008, 13:56:22
If you are concerned, alter the router IP address away from 192.168.1.254; then change home, gateway and gateway.2wire.net to 127.0.0.1 in the Hosts file for each PC on the LAN.
After that they will be hard pushed to find the router to make the changes !
Thanks for that, Alan. :)
Quote from: Ted on Jun 11, 2008, 14:24:47
i wonder would it be possible to point the Dual routers at the 2wire provisioning server?
I wonder that too. I'm not sure we'll get the updates from BT.
I don't even see /mdc never mind "generic.hotfix: 124665" under System Summary, Components in my dual SSID 2700.
This is what I see on page:
http://gateway.2wire.net/xslt?PAGE=J01&THISPAGE=J02&NEXTPAGE=J01
System Summary
.
.
.
Components
system: 87826
bto_logo: 102189
bto: 102192
bto_en: 102190
bt-2700hgv-pppoa_config: 102188
base_ui: 102168
common_en: 102170
base_voice: 102169
bto_providerconf: 102191
Firewall Rules: 1000
Application List: 1001
IGMP Proxy: Disabled
IGMP Querier: Disabled
IGMP Snooping: --
???
Mine are identical, Les:
Components
system: 87826
bto_logo: 102189
bto: 102192
bto_en: 102190
bt-2700hgv-pppoa_config: 102188
base_ui: 102168
common_en: 102170
base_voice: 102169
bto_providerconf: 102191
Firewall Rules: 1000
Application List: 1001
IGMP Proxy: Disabled
IGMP Querier: Disabled
IGMP Snooping: --
Quote from: Simon on Jun 11, 2008, 20:38:30
Mine are identical, Les:
ooping: --
Hi Simon,
I am not sure if this is a comfort or whether we should both be concerned! ;)
Quote from: LesD on Jun 11, 2008, 20:34:58
I don't even see /mdc
192.168.1.254/mdc is the default router address for the management pages.
If you are concerned, just follow Alans advice a few posts back.
The hotfix applies to single SSID models running the SBC firmware, so us dual SSID, BT-branded users won't see the hotfix. I'm not sure if/when we'll be patched. I hope that clears the confusion up. :)
Thanks, Seb. I think I'll leave well alone. ;)
Quote from: Ted on Jun 11, 2008, 21:20:24
192.168.1.254/mdc is the default router address for the management pages.
Hi Ted,
That address take me to the same place as the one I posted namely:
http://gateway.2wire.net/xslt?PAGE=J01&THISPAGE=J02&NEXTPAGE=J01.
I am not concerned even though it may be analogous to the proverbial ostrich with its head in the sand! ;D
The /mdc is just a manual shortcut, if you like, and it ultimately goes to the same link as you've posted. It's this page that hotfixes are shown, but we won't have any on our dual SSID models.
It would appear that i have to contact BT to discuss their implementation policy as to fixing their shite firmware ;D
I'll keep trying, you never know i might wear them down (2wire not BT). Exhaling as i type ;D
:lol: