Richard Chirgwin reports:
The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems.
A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published by Eloi Vanderbeken at github, here, resets devices to factory default, enabling a remote attack without the password.
Vanderbeken says the backdoor is confirmed in devices from Cisco (under both Cisco and Linksys brands, the latter since offloaded to Belkin), Netgear, Diamond, LevelOne and OpenWAG. According to a post on HackerNews, the common link between the vulnerable devices is that they were manufactured under contract by Sercomm.
Read more on The Register.