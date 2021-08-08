More info about this here: Multiple Modem Routers Vulnerable to Unauthenticated Attacks | TechNadu and here: Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers - Research Advisory | Tenable®

The current firmware for Spark's Smart modem (which is now also on Skinny's modem I gather after it updated to match) is listed as vulnerable.

Remote WAN access is disabled in ours but I'm not sure where and how to disable remote administration services in the Spark Smart Modem web page, or how to disable the web interface on the WAN. Can someone advise please?

I would hope Spark are aware of this and doing something about it especially as it is their currently deployed device for both DSL and fibre. I note in the Timeline in sthe second article I linked to, that Arcadyan were advised about this back in April.

EDIT: It's also in Bleeping Computer today. They report attacks started happening 2 days after the PoC was made public on Aug 3rd. Actively exploited bug bypasses authentication on millions of routers (bleepingcomputer.com)