Bright House Networks Support. The lights on the front of your modem can help you determine whether it is operating properly. For information about the lights on your. Descargar drivers para modem scientific atlanta 2100 Download descargar drivers para modem scientific atlanta 2100. No more missed important software updates!
• mailing list archives Scientific Atlanta DPC2100 WebSTAR Cable Modemvulnerabilities From: Dan Rosenberg Date: Mon, 24 May 2010 13:31:24 -0400 =============================================================== Scientific Atlanta DPC2100 Cable Modem Cross-Site Request Forgery and Insufficient Authentication May 24, 2010 CVE-2010-2025, CVE-2010-2026 =============================================================== ==Description== Scientific Atlanta, a Cisco company (www.cisco.com), produces the WebSTAR line of cable modems, which are widely deployed by cable providers, especially for home usage. Certain versions of the firmware for the DPC2100 model feature a web interface that is vulnerable to the following issues.
Testing was performed on a DPC2100R2 modem, with firmware v2.0.2r1256-060303. Other WebSTAR modems and firmware versions may be vulnerable as well. Cross-site request forgery (CSRF). Several features provided by the web interface fail to properly establish sessions that restrict access to authorized users, including forms for changing the administrative password, resetting the modem, and installing new firmware. An attacker may create a malicious website that, when visited by a victim, updates these settings on the victim's modem on the victim's behalf without their authorization or need for any additional user interaction. This can be used to deny service by resetting the modem or wiping the firmware, to change the default administrative password, or potentially to steal information from the victim by installing malicious firmware. Giochi Di Carte Solitaire Download Gratis more. This issue has been assigned CVE-2010-2025.
Insufficient authentication. The modem's access control scheme, which has levels numbered from 0-2 (or 0-3 on some other models), is not properly checked before performing operations that should require authentication, including resetting the modem and installing new firmware. The modem requires the proper access level to access web interface pages containing forms that allow a user to perform these actions, but does not properly authenticate the pages that actually carry out these actions. By sending a POST request directly to these pages, these actions may be performed without any authentication.
Attacks may be performed by an attacker on the local network or by leveraging the CSRF vulnerability. This issue has been assigned CVE-2010-2026. ==Identifying Vulnerable Installations== Most home installations of this modem will feature a web interface that is accessible at '. The following proof-of-concept code may be used to test for vulnerability. It leverages the CSRF vulnerability to change the access level of your modem to the most restrictive settings (a harmless action). If your modem is vulnerable, then you will be presented with a message stating that your settings have been successfully updated. If you are greeted with a page stating there was a 'Password confirmation error', then your modem password has been changed from the default but you are still vulnerable.
If you are greeted with an HTTP authentication form or other message, then your model is not vulnerable. Test for CSRF vulnerability in WebSTAR modems document.csrf.submit() ==Solution== In most cases, home users will be unable to update vulnerable firmware without assistance from their cable providers. If your firmware is vulnerable, contact your cable provider and request a firmware update to the latest version. For the DPC2100R2 modems, the latest version string is dpc2100R2-v202r1256-100324as. Download Dstv For Tecno Android on this page.