Community Forum

Comcast Xfinity Router Easy Hack

Frequent Visitor

Comcast Xfinity Router Easy Hack

Everyone has your password and User Name 

Password = Password 

User Name = Admin

My Arris Comcast Xfinity Router that I pay $11 month is an easy hack

You whole neighborhood knows all your info

Google it and see for yourself

 

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

While searching around for a solution to the Arris(modem) password of the day I found out that these routers where being crawled by most common search engines. I found this out by doing the following google query:

1
inurl:"adv_pwd_cgi"
The in quote string comes from the default Arris Login page which looks something like this

1
192.168.100.1/cgi-bin/adv_pwd_cgi
From this page you can access the default Xfinity Login page by doing the following:

Click the BASIC tab
Click the Xfinity tab //if present
Upon clicking the Xfinity tab you will be redirected to the network’s external IP with an open port 8080. Now that you are on this page it will ask you for the Username and Password.

All Xfinity routers come with the exact same login info.


Username: admin
Password: password
From here you can manage the “stranger’s” whole network. Change all kind of settings:

Network configuration (LAN,Wireless,etc ...)
Connected Devices
Port Forwarding (TCP/UDP) ==> The scary part
DMZ

Re: Comcast Xfinity Router Easy Hack

Statement from Comcast:

https://forums.xfinity.com/t5/Anti-Virus-Software-Internet-Security/Bug-in-Xfinity-Leaking-Personal-...

 

@Welcome_to_Post - I wasn't sure this is the same statement you were referring to.

 

 

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

I looked at the link you provided is very sketchy details of a Ziff Davis article.

I was reading some blogs and I do not know where ZD gained their info.

I am sorry I did not save the link but here is the info I cut and pasted off a Blog.

Maybe this info will help Comcast Xfinity or X-1 fix this Router Hack?

They said hacking is illegal and told you to use this info for educational purposes only:

 

------------------

Dynobin Blog
SNIPPETS
Xfinity Router Login Hack
06/28/2013 Francisco Lopez Vulnerabilities
While searching around for a solution to the Arris(modem) password of the day I found out that these routers where being crawled by most common search engines. I found this out by doing the following google query:

1
inurl:"adv_pwd_cgi"
The in quote string comes from the default Arris Login page which looks something like this

1
192.168.100.1/cgi-bin/adv_pwd_cgi
From this page you can access the default Xfinity Login page by doing the following:

Click the BASIC tab
Click the Xfinity tab //if present
Upon clicking the Xfinity tab you will be redirected to the network’s external IP with an open port 8080. Now that you are on this page it will ask you for the Username and Password.

All Xfinity routers come with the exact same login info.


Username: admin
Password: password
From here you can manage the “stranger’s” whole network. Change all kind of settings:

Network configuration (LAN,Wireless,etc ...)
Connected Devices
Port Forwarding (TCP/UDP) ==> The scary part
DMZ

___

 

I don’t know the reason as to why ports 80 and 8080 are opened to the public by default. I don’t think users are doing these port-forwards for two reasons, they didn’t even bother to change the default admin password AND they don’t show up on the router’s configuration.

I tested this on my IP and fortunately they weren’t opened because I had my web-server running on these ports so they never reached the Arris/Xfinity login page.

To protect yourself change the default admin password for your Xfinity router and/or open port 80/8080 on some other device.

 

 

 

 

Expert

Re: Comcast Xfinity Router Easy Hack


@Betar wrote:

Everyone has your password and User Name 

Password = Password 

User Name = Admin

My Arris Comcast Xfinity Router that I pay $11 month is an easy hack

You whole neighborhood knows all your info

Google it and see for yourself

 


Please stop with the scaremongering. This has been well documented for years. The default logon name and password is there so you can access the router's adminitstrative control panel, but you're asked to change them once you do. If you don't change your default admin logon and password, you're pretty much inviting any hacker to use your router. 

 

Besides, to access the control panel you would have to connect to the gateway via wifi or ethernet, and if you allow anyone to do that, well, there's not much any security expert can do for you. 

 

 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
Diamond Problem Solver

Re: Comcast Xfinity Router Easy Hack


@Betar wrote:

While searching around for a solution to the Arris(modem) password of the day I found out that these routers where being crawled by most common search engines. I found this out by doing the following google query:

1
inurl:"adv_pwd_cgi"
The in quote string comes from the default Arris Login page which looks something like this

1
192.168.100.1/cgi-bin/adv_pwd_cgi
From this page you can access the default Xfinity Login page by doing the following:


FWIW, the 192.xxx IP is a private (non- internet routable) address.

Expert

Re: Comcast Xfinity Router Easy Hack

You’re joking. Not only is that blog post from 2013 (ancient history as far as tech goes) it makes some assertions that are woefully outdated. For one thing, TCP Ports 80 and 8080 are now filtered, not open. Second, it asserts that you can access the gateway at address 192.168.100.1, which not only is a private IP address, but Comcast gateways now default to 10.0.0.1. Lastly, it states that you can access the modem if it's a TM602A among others, which is way outdated and isn't even DOCSIS 3.0 compliant.

If this vulnerability, if this was ever a thing, still existed, there would have been a rash of gateway hacks on Comcast, but there aren't.

So again, please stop with the scaremongering. It's good that you're mindful of network security, but bringing up 5 year obscure blog posts and announcing that the sky is falling isn't helping.

"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
Bronze Problem Solver

Re: Comcast Xfinity Router Easy Hack


@USAF_E-8_RET wrote:

Statement from Comcast:

https://forums.xfinity.com/t5/Anti-Virus-Software-Internet-Security/Bug-in-Xfinity-Leaking-Personal-...

 

@Welcome_to_Post - I wasn't sure this is the same statement you were referring to.

 

 


Guess it doesn't matter;  someone removed my post which did say the same thing.

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

Now that I have Comcast for 5 months I am so glad you told me and Identified me as fear as a monger.

What do I do about all those paused devices I can not identify?

Comcast Xfinity Xfi came here at my expense and installed the equipment and left without one word about how to protect my identity. I paid them for their installation why did they fail to protect me from potential hackers?

NOW, it is my fault that the password is password and user is ADMIN

WHY did no one working at Comcast Xfinity or XFi tell me that their $11 month Routers are easy to hack until you called me NAMES?  

Thanks, now I have to read how to change my router password. 

 

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

"FWIW, the 192.xxx IP is a private (non- internet routable) address."

Thanks for that info.

I tried using the Comcast Xfinity Xfi (NOT SECURE)

http://10.0.0.1 Router and inserted those presumed hack codes.

File not found.

AND then COMCAST Xfinity or someone shut down my ROUTER for an hour yesterday at 10 AM

HOW DO I VERIFY IT WAS COMCAST XFINITY that shut down their rented router and NOT A HACKER? 

SO Far, I tried locking all the ways into this router out. NO plug and play and ZERO Config.

WELL, how do I change the Password into the Router Gateway?

ADMIN and PASSWORD ?

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

Why are you acting so emotional?

I read that some people have methods to hack Comcast Xfinity Xfi Routers and you turned on me and attacked me.

I PAID Comcast money for a brand new account 5 months ago and forgot.

Why should I know anything? The two installers came in and placed these boxes in my house turned on my TV and connected my Laptop and asked me to give them a user name and password and LEFT.

I paid Comcast Xfinity for their service and NO ONE told me anything NOT ONE BOOK, NOT one link how to protect my identity.

BUT you are screaming Fear and foaming at the mouth and use an identity like a DARK ANGEL?   

I am just a customer that is concerned about my identity.

WELL now that I read your response I am still concerned about my information.

Mr Dark Angel, If you can, give me a straight answer?

Stop talking nonsense and tell me how to change my Gateway Password and User Name????? 

Frequent Visitor

Re: Comcast Xfinity Router Easy Hack

FWIW, Why did Opera News inform that Comcast Routers can be hacked and

I later discover that the original News Sources were 5 years Old?

The News mingled the new hack that Comcast Xfinity X-1 just shut down if someone picked your bill out of the trash to gain access to your account with Old News that one of their older model Routers could be easily hacked.

Set Me up why don't you?