Hi folks,
I could have sworn I posted something yesterday but I may have just be reading the preview.
Basically I just wanted to note that I've found at least one CenturyLink customer that has their modem's web admin page accessible from the Internet, and they haven't changed the password. This particular customer (a relative) has no technical wherewithal and certainly didn't change it herself. Subsequent searches using shodanhq.com indicate that this might be a default configuration for some modems.
I would suggest you go to one of the port checking sites (some examples below) to see if port 80 is accessible on your modem. If so, you may want to log in and disable that functionality or at least change the password. Someone from the Internet could, in most cases, set up port forwarding and/or change wifi settings so that they could potentially compromise your network.
I notified CenturyLink of this issue about four weeks ago, so they have had some time to review and implement a fix for new customers at least (unconfirmed).
Port checking sites: (google 'check open ports' to find others)
http://www.yougetsignal.com/tools/open-ports/
https://www.grc.com/x/ne.dll?bh0bkyd2
http://www.canyouseeme.org/
Thanks
↧