# SMC8104 combination cable modem and wireless router vulnerability



## Mumbodog (Oct 3, 2007)

http://www.v3.co.uk/v3/news/2251925/router-flaw-raises-security

http://chenosaurus.com/2009/10/


----------



## JohnWill (Oct 19, 2002)

Well, this is somewhat of a half-truth.

Many routers come with WEP as a default, but you can configure better encryption. This router supports WPA/WPA2, so that's not really an issue unless you're naive. Gee, a lot of routers come with wireless enabled with *NO* security, talk about a security hole!


----------



## Mumbodog (Oct 3, 2007)

> After poking around using the customer account, I found that access to the admin features of the router has been disabled via Javascript. You heard me correct, the web admin for the router simply uses a script to hide certain menu options when the user does not have admin privileges. By simply disabling Javascript in the browser, I was able to access all the features of the router. With that access, I am now able to change the wifi settings, port-forwarding, etc.
> QUOTE]
> 
> I don't think this is the norm on routers.
> ...


----------



## JohnWill (Oct 19, 2002)

I think if you get into the router's configuration files, you can probably do that with any router and Javascript.


----------

