Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVodafone New ZealandHG659 security fails, ports 80 and 443 open, update firmware ASAP!


24 posts

Geek


# 181127 3-Oct-2015 13:38
Send private message

Been with Vodafone a little over 6-7 weeks and I am surprised everyday!

Couple of days back 1st Oct somehow the wifi password had been changed mysteriously and today internet was playing up.

So I thought I would do a port check to make sure my internet is secure etc. I used the excellent shields up tool from grc here click common ports https://www.grc.com/x/ne.dll?bh0bkyd2

Was very surprised to find that port 80 and 443 were open! Navigate to my public ip address and can see the router home page omg! 

And then my internet really stopped working but the telephone and Vodafone sky still worked perfectly. Spent a wasted hour on phone with Vodafone technical support turning stuff on and off...cause you know this is the magic cure for all ailments! Anyway after being told there is nothing more they can do and basically to go away and sort it out myself. Anyway 10 minutes after hanging up internet starts working again arrrrrrrrrrghhhhhhhhhh!!

So back to sorting out this port issue and other mysteries, first thing I did was download and upgrade firmware from here HG659-13V100R001C206B019_main.bin http://help.vodafone.co.nz/app/answers/detail/a_id/24400/~/upgrading-the-vodafone-homehub-%28hg659%29-firmware-to-the-latest-version

Previously was on the B009 version I think...

Went smoothly no issues except for admin password changing. Do another port check and surprise the ports are now in stealth mode by default great!

I did read a few posts from Vodafone on forum and Twitter saying having this port open is perfectly safe and secure nothing can go wrong.....closing this means WE can't help you. Yeah right Vodafone support had no idea what they were doing and having access to router made no difference.

Repeat NEVER EVER expose open ports to the internet ESPECIALLY port 80 and 443 to YOUR router unless you know what you are doing! <rant over>

Edit more rant: Changing Admin password disables pasting into password fields another FAIL, however does allow you to paste when logging in so good (I use 1Password). Read here for why disabling pasting is bad http://www.troyhunt.com/2014/05/the-cobra-effect-that-is-disabling.html

Create new topic
1411 posts

Uber Geek


  # 1399352 3-Oct-2015 13:55
Send private message

Did you ever disable the firewall on your previous configuration? Navigating to your public IP address from within your LAN is different to coming in on the WAN side, different firewall rules will apply.

Updated firmware thread - http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=177650 



24 posts

Geek


  # 1399355 3-Oct-2015 14:05
Send private message

yitz: Did you ever disable the firewall on your previous configuration? Navigating to your public IP address from within your LAN is different to coming in on the WAN side, different firewall rules will apply.

Updated firmware thread - http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=177650 


The firewall on router is disabled on this and previous configuration. Unfortunately I cannot recall if I tested from WAN so cannot confirm. However the GRC test is external so port 80/443 open would suggest you could still access web interface.

I would be interested to know if others who do have port 80 and 443 open can access there router web page using another internet connection Eg from mobile connection.

 
 
 
 


1017 posts

Uber Geek

Trusted

  # 1399357 3-Oct-2015 14:31
One person supports this post
Send private message

IIRC the HG659 interface is IP restricted to only allow logon from selected Vodafone IPs unlike the HG556a which was open and could be logged into by anyone who has your IP and the default support Username / password.
When I was working at Vodafone, Being able to remotely access router made all of our lives much easier. Try explaining to the average user how to navigate to the router and change the Wifi password!, MUCH easier to do it for the customer.

IMO if you're that concerned about security and your ports being open, an ISP router is not for you and you should get your own that you can manage yourself. For most customers ISP modems work sufficiently and allow ISP reps to help perform tasks that would otherwise confuse end users and take 10x as long to do.


PS your HG659 also likely has ports open for TR-069 wink 

 



24 posts

Geek


  # 1399389 3-Oct-2015 15:06
Send private message

Andib: IIRC the HG659 interface is IP restricted to only allow logon from selected Vodafone IPs unlike the HG556a which was open and could be logged into by anyone who has your IP and the default support Username / password.
When I was working at Vodafone, Being able to remotely access router made all of our lives much easier. Try explaining to the average user how to navigate to the router and change the Wifi password!, MUCH easier to do it for the customer.

IMO if you're that concerned about security and your ports being open, an ISP router is not for you and you should get your own that you can manage yourself. For most customers ISP modems work sufficiently and allow ISP reps to help perform tasks that would otherwise confuse end users and take 10x as long to do.


PS your HG659 also likely has ports open for TR-069 wink 

 


So at the expense of making the wifi router user friendly to use, we should instead open every customers router to the internet in the off chance someone wants to change a wifi password. As noted the Vodafone support person I spoke to made no use of this interface. 

IMO I am using a router provided by a global company not some 2 bit outfit, I expect better. The new firmware does tighten security so someone at Vodafone was using their brains.

Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01

NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00

New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33

IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07

Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42

MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40

NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15

Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46

Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08

Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55

Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19

Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48

CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42

Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.