Router has a telnet vulnerability

Discussion in 'hardware' started by ando35, Sep 2, 2013.

Thread Status:
Not open for further replies.
  1. ando35

    ando35 Registered Member

    Joined:
    Oct 27, 2010
    Posts:
    18
    Apparently my router (ATT DSL Motorolla NVG510) has a telnet vulnerability in which someone can enable telnet and then gain root access.

    If I disable telnet in my pc and block port 23 (telnet) will that adress it? I don't think it will.

    Any ideas besides bridging it.
     
  2. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
  3. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I have no idea if it would help, but what about limiting the IP addresses that can remotely access it to a local range? e.g. 192.168.1.2 - 192.168.1.50

    If they had root they could easily overwrite that, but it might prevent the connection in the first place?
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Do you have more information on this vulnerability?

    If they have to launch the attack from within the network you can just block telnet from your side of things. If they can launch it from outside of the network you need to take other measures, like updating your firmware, putting a hardware firewall outside of the router, or some other hardening method depending on the attack.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Afaik, Telnet, as a protocol, has always been vulnerable for use over the Internet.

    If you can login to your router as admin with root access, then you might be able to disable telnet altogether from external access. If you have never changed the default admin password, now would be the time to change it, but first contact your router vendor about how long the admin password field is before you change it if the router documentations does not tell you that information.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.