Hi all,

My friend who is using Fibre at home just gave me their Vodafone provided HG659 router and I noticed there is a major potential security problem on the VoIP setting somewhere.

What happens is I was trying to use it as a standalone AP but failed as described in
http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=185148

So, I also upgraded its firmware to the latest, i.e. this one as well as reset the router to factory default several times
http://help.vodafone.co.nz/app/answers/detail/a_id/24400/

Since I failed to make it work as a standalone AP by having HG659's WAN port connected to the LAN port of my internet connected router, I decide to connect the HG659 router's WAN port directly to the Fibre modem. Not surprisingly, HG659 acquires internet access this way.

However, once it is internet connected, it also manage to download VoIP configurations from somewhere and its VoIP light is green, i.e. the VoIP setting is successfully registered and working. Inspection of the router's VoIP page shows my friend's home number is showing on the VoIP page.

The point is I have already reset the router to factory default and also upgraded its firmware, so there is no way the VoIP settings is coming from the router. I am 100% sure the VoIP page is blank before the HG659 router is connected to internet. In fact, I had tested this at least twice and I am 100% sure the setting magically appears by itself.

I have also checked with my Friend who said their Vodafone fibre account is cancelled and they are now using Spark instead.

Does anyone know what is going on with the HG659 router? or do you know how to stop this?
It seems that the router is downloading VoIP settings from Vodafone or similar...

This is a security problem and have great potential to cause problems to those who sold their unused HG659 routers because someone else now have full access to their landline home phone. (There are plenty of people selling Vodafone provided HG659 routers on trademe....)