About campotterbrook

campotterbrook · ‎08-15-2021

Mark, Your responce is deeply concerning. I (perhaps all of us) would like to hear that you are aware of the venerability and are going to rollout a firmware update asap. Furthermore, instead of misinforming your customers of who is not effected, you should be more clear about who is effected, how they are effected and what they can do to midigate exploitation. As I understand it, anyone with local access to any HT200W can gain full admin privileges to its network. This is both residential and business accounts. Additionally business accounts are venerable via the internet! This hack is so simple that any child connected to the internet can gain access to your business' networks from anywhere in the world. PS: Double-Nat is a major no-no and is one of your worst qualities. From one tech to another I suggest you take responsibility and try to help your customers instead of trying to dismiss a massive venerability.

campotterbrook · ‎08-15-2021

Hughesnet's HT200W Modem/Router is listed as one of the vonerable routers discovered by Evan Grant of the security company Tenable. Anyone who has access to an HT200W router's admin page (from inside your network or from the internet) can use an old trick called directory traversal to gain admin privileges and therefor access to your network. Tenable's list of known venerable routers: https://www.tenable.com/security/research/tra-2021-13 I learned of this from the Naked Security podcast: https://nakedsecurity.sophos.com/2021/08/10/home-and-small-business-routers-under-attack-how-to-see-if-you-are-at-risk/ I would have let tech support know privately had my attempts to reach tech support via hughesnet website's chat and email options not resulted in blank pages.

Online Status	Offline
Date Last Visited	‎08-15-2021 09:44 AM

About campotterbrook

Re: HT200W Venerability in the wild

HT200W Venerability in the wild