Have you guys seen this new thread:
Why Not Recall The Technicolor TC dpc3941T (formerly Cisco dpc3941T) AP's? (Modem/Router combos)
The exploit itself: https://www.exploit-db.com/exploits/40982/
And, in a way more importantly, here are details on an exploit via a CVE database. https://www.cvedetails.com/cve/CVE-2016-7454/
Again, CVE-2016-7454. Also note http://www.cvedetails.com/cve/CVE-2016-1325/
The first one's description is 'SSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.'
NIST even regards 1325 which targets the DPC3941 as a 7.5 out of 10 threat. https://nvd.nist.gov/vuln/detail/CVE-2016-1325
And the first of the two as an 8 out of 10. https://nvd.nist.gov/vuln/detail/CVE-2016-7454
I say these units all must be replaced with units which at the least lack any published CVEs left unresolved, not fixed, with a severity above a 2 or 3. There should be a reasonable policy on this. If you have one of these units, you should definitely ask that it be replaced by another, newer model if possible. Any thoughts on my opinions appreciated, and if level 2/3 techs and so forth want to prove me wrong, I'm fine with that too.
I believe it ... I don't think that many in level 1 or level 2 have ample experience to reasonably address the issue. I do know this: if an issue is ongoing and continuous, it becomes a pattern and practice of those who know the issue is real but refuse to take the necessary steps to correct the problem; liability will attach, and someone who is prone to initiate litigation because they ordered their coffee hot will at some point feel froggy and jump. Eagle II sends
This past Friday, at Comcast tech nudging, I switched from our Motorola Surfboard sbg6580 to the Technicolor DPC3941T. We have had the Motorola for a few years and it was fingered by the tech as the reason we were not receiving the 150 - 200mbps connection. Once installed, the speed never changed, exactly the same as the moto. BUT, Jane being the liberal she is agreed to give it a week or so to do what it should have done once booted and on the system.

BUT WAIT: Last evening I was watching a movie over at tv.xfinity.com and about in the middle it froze. I said, "here we go, another Whiskey Tango Foxtrot moment" as, despite we were just gleaning over 100mbps, an issue like that had not occurred for the entire life of the moto. So I checked (via smart phone app) for an outage. Nothing appeared to be out and all lights on my online check were green (good to go). I did a speed check and we were barely getting 35mbps.. then I decided to run some checks. And I want to know WHY this happened only after the Technicolor Gateway was installed... my first instinct was to check DNS and what do I find? Sadly, you already know, don't you. APPARENT AS I SEARCHED FOR HIJACKED DNS AND ENDED UP HERE. Our DNS appeared to be coming from - you guessed it - utopia.net.

Being on the web before it was the web and only message based, going into the BBS era and programming mail tossers between FIFONet, RBBSNet, GTPowerNet to name a few and the then message-based internet in the 80's, and coming of age as the web matured and finally buying a domain in 1996 (I still own it), I think I have learned my way around.. though after 70 years on the planet life can get somewhat foggy and what you once were very familiar with seems to hide out in the deep dark spaces of your growing senile mind.. I decided to check further. And what did I find? The IP Addy for the jerks that hijacked the DNS: IP Address 18.104.22.168. And where did that take me?
Registry Registrant ID:
Registrant Name: Utopia Network
Registrant Organization: Utopia Network
Registrant Street: 8121 20 Ave, Apt B3
Registrant City: Brooklyn
Registrant State/Province: NY
Registrant Postal Code: 11214
Registrant Country: US
Registrant Phone: +1.7182566976
Registrant Fax: +1.7182566976

Who the IP appears to be hosted/coming from:

Point of Contact Name: Tech Admin
Handle: TECHA29-ARIN
Company: Confluence Network Inc
Street: 3rd Floor, J&C Building, P.O. Box 362
City: Road Town
State/Province: TORTOLA
Postal Code: VG1110
Country: VG
Registration Date: 2011-06-20
Last Updated: 2017-03-08
Phone: +1-415-358-0891 (Office)
Email: email@example.com

And it gets better. What BLACKLISTS are we looking at concerning these folks? SPAM tools: Blocklist lookup
1. Adult hosting: At least one domain hosted on this IP address is marked as containing adult content. more info - listed
2. Hackers, Spyware, Botnets etc. - listed

Why hasn't something been done? Why isn't that IP and any other IP traced that may be doing or trying the same tricks UNIVERSALLY banned from access (don't tell me that can't be done)? I was going to take the time to call Comcast/Xfinity security at 877 - 807 - 6581 - the number I requested from tier 1 support last eve - but after a due diligence check, why should I, as it is verifiable the issue appears to be well known. Spinning my wheels at my age is not really much fun. Jane and I have both enjoyed xfinity save for speed issues, but now feel duped into changing from a perfectly working gateway to one that was hijacked in less than 48 hours from install; we will be assessing our options. AT&T has installed a fiber line through our back yard and a gig connection is cheaper than what we have now, install and modem included (among other things). Even if we only got 500mbps off the gig, this old f**t isn't going to complain.
So you call security, Comcast DNS, and get this black hole closed. And, really consider dumping that Technicolor DPC3941T, seeing it opened the door to the dark web with an issue that appears to be ongoing and continuous in your forums as well as other forums like DSL Reports on the web. Joe. Over 70 years on the planet and all I want to do is enjoy my last days of life on the web I grew up with. Respect your web elders .. I opened my domain on: Creation Date: 1996-08-18T04:00:00Z. Comcast opened its domain: Creation Date: 1997-09-25T04:00:00Z
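As an added example (not from any post in this thread), a small Python check for the kind of resolver change Joe describes: read the nameservers a client was handed, compare them against an allowlist of the resolvers you expect from the ISP or the gateway itself, and flag anything else. The allowlist and the sample resolv.conf are constructed placeholders using RFC 5737 documentation addresses.

```python
import ipaddress

# Constructed allowlist: the resolvers the gateway is expected to hand out
# (ISP resolvers, one you set yourself, the gateway's own LAN address).
EXPECTED_RESOLVERS = (
    ipaddress.ip_network("192.0.2.0/24"),    # placeholder: ISP resolver block
    ipaddress.ip_address("198.51.100.53"),   # placeholder: resolver you configured
    ipaddress.ip_address("10.0.0.1"),        # placeholder: gateway LAN address
)

# Constructed sample of a client's resolv.conf after the gateway started
# handing out a resolver that is not on the allowlist (203.0.113.7).
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.10
nameserver 203.0.113.7   # not one of ours
search home.lan
"""

def parse_resolvers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                          # malformed entry, skip it
    return found

def is_expected(addr, expected=EXPECTED_RESOLVERS) -> bool:
    """True if addr equals an allowlisted address or lies inside an allowlisted range."""
    for item in expected:
        if isinstance(item, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            if addr in item:                      # False on IPv4/IPv6 mismatch
                return True
        elif addr == item:
            return True
    return False

def audit_resolvers(resolv_conf: str, expected=EXPECTED_RESOLVERS) -> list:
    """Return the resolvers (as strings) that fall outside the allowlist."""
    return [str(a) for a in parse_resolvers(resolv_conf) if not is_expected(a, expected)]

if __name__ == "__main__":
    for bad in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"unexpected resolver: {bad} -- check the gateway's DNS settings")
```

On a real machine, feed it the contents of /etc/resolv.conf (or the DNS servers shown by the gateway's admin page) and replace the placeholder allowlist with the resolvers your ISP actually publishes.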