Ubee Dvw3201 Modem Manual Download

Posted on  by 

Platforms / Firmware confirmed affected:

Ubee's DOCSIS 3.0 EMTA provides fast data rates up to 320 Mbps downstream and up to 160 Mbps upstream, enabling MSOs to offer value added competitive services. The Ubee DOSCIS 3.0 EMTA was among the first 8X4 products certified by Cable Labs. Jul 24, 2013  Disable the wireless on the Ubee and plug the WAN port of your old router into the Ubee. Plug your desktop into one of the Lan ports on the old router and run the speed test. Yes, you are double-NATing the connection but it will still work IF you are able to set the DHCP scope to a different range than the Ubee gives - e.g. Ubee: 192.168.1.x. Ubee Ddw3611 Manual Read/Download Ubee DDW3612 Cable Modem. Ubee DDW3611. The DDW3612 is well suited for mass Product Description, User Manual. High Speed The DDW3612. On the 'Speed and Duplex' panel select Auto-Detect and then manual on the 'IP Address Setting' to finish this string of panels. Ubee DOCSIS 3.0 DDW3611. Ubee DDW3612 Pdf User. DVW3201B by Ubee information and hardware knowledge base. Dec 01, 2012  I updated my internet service from Time Warner Cable. I went from Road Runner basic to EXTREME! (OK, it's not that extreme but it certainly was advertised that way). Anyways, I'm now getting. Ubee dvw32cb, dvw32c1 dvw32cb Is Similar To: U10c018.11 Ambit Ubee Docsis 2.0 Broadband Cable Modem Fully Tested Units Mint (35.8% similar) We don't reply to emails. Terms conditions all sales are done in good faith we have an ability as a business to resolve any issue for you if you have a frustration or dis appointment after your purchase.

  • Ubee EVW3226, 1.0.20
  • Product page: http://www.ubeeinteractive.com/products/cable/evw3226

Vulnerabilities

Insecure session management

The web interface does not use cookies at all. If admin login is successful, the IP address of the admin user is stored and everybody can access the management interface with the same IP.

Local file inclusion

Setup.cgi can read any file with .htm extension using directory traversal in the gonext parameter. Although the file must have htm extension, the local file inclusion can be used to map directories, because the response is different depending on whether directory exists or not.POC:http://<device_ip>/cgi-bin/setup.cgi?gonext=./www/main2

Backup file is not encrypted

Although the web interface requires a password for encrypting the backup file, the encryption is not performed. In order to backup file password, the plain password is stored in the backup file, which is a standard tgz (gzipped tar) file with a simple header.

Backup file disclosure

When a user requests a backup file, the file is copied into www root in order to make download possible. However, the backup file is not removed from the www root after download. Since there is not any session check required to download the backup file, an attacker is able to download it without authentication from LAN until the next reboot.Since the backup file is not encrypted and contains the plain admin password, the router can be compromised from LAN.POC:http://<device_ip>/Configuration_file.cfg

Authentication bypass (backdoor)

The web interface bypasses authentication if the HTML request contains the factoryBypass parameter. In this case a valid session is created and the attacker can gain full control over the device.POC:http://<device_ip>/cgi-bin/setup.cgi?factoryBypass=1

Arbitrary code execution

Ubee Dvw3201b Manual

The configuration file restore function receives a compressed tar file, which is extracted to the /tmp folder. Tar files may contain symbolic links, which can link out from the extraction folder. By creating a configuration file with a symbolic link and a folder which uses this link, the attacker can write out from the backup folder and can overwrite any file in the writable file-system.Since www is copied to the writable file system at boot time (under /tmp), the attacker can insert a new cgi script that executes arbitrary code with root privileges.

Default SSID and passphrase can be calculated

The default SSID and passphrase are derived only from the MAC address. Since the MAC address of the device is broadcasted via WiFi, the default password can be calculated easily.Combined with code execution and factory bypass, even a botnet of Ubee routers can be deployed easily.

Buffer overflow in configuration restore

During the configuration restore process, the backup file password is read from the pass.txt file. If the password is large enough (larger than 65536), a stack based buffer overflow is caused, because the file content is loaded with fscanf(“%s”) to a stack based local variable. The stack based buffer overflow can be used to execute arbitrary code with root privileges.

Buffer overflow in configuration file request

The web interface identifies the configuration file download request by checking that the URL contains the Configuration_file.cfg string. If this string is found, the whole URL is copied into a stack based buffer, which can cause a buffer overflow. This stack based buffer overflow can be used to execute arbitrary code with root privileges without authentication.POC:http://192.168.0.1/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaConfiguration_file.cfg

Buffer overflow in next file name

The gonext variable in the POST requests specifies the HTML file, which the cgi script should be loaded. If the gonext variable is large enough (larger than 6512 bytes), a stack based buffer overflow is caused, which can be used to execute arbitrary code with root privileges without authentication.

Communication on the UPC Wi-Free can be sniffed within the device

Ubee Cable Modem Dvw3201b Manual

The UPC Wi-Free communication is not separated correctly inside the device, because the whole communication can be sniffed after gaining root access to the device.

Timeline

  • 2015.06.24: Presenting the Ubee router problems to the CTO of UPC Magyarorszag
  • 2015.07.16: UPC contacted Ubee and required some more proof about some specific problems
  • 2015.07.16: Proofs, that the default passphrase calculation of the Ubee router was broken, were sent to UPC
  • 2015.07.20: UPC requested the POC code
  • 2015.07.21: POC code was sent to UPC
  • 2015.07.30: We sent some new issues affecting the Ubee router and other findings in Technicolor TC7200 and Cisco EPC3925 devices to UPC
  • Between 2015.07.31 and 08.12 there were several e-mail and phone communications between technical persons from Liberty Global to clarify the findings
  • 2015.08.19: UPC sent out advisory emails to its end users to change the default WiFi passphrase
  • 2015.09.16: Ubee Interactive also asked some questions about the vulnerabilities
  • 2015.09.24: We sent detailed answers to Ubee Interactive
  • 2016.01.27: UPC Magyarorszag send out a repeated warning to its end users about the importance of the change of the default passphrases.
  • 2016.02.16: Face to face meeting with Liberty Global security personnel in Amsterdam headquarters
  • 2016.02.18: A proposal was sent to Liberty Global suggesting a wardriving experiment in Budapest, Hungary to measure the rate of end users who are still using the default passphrases.

POC

POC script is available to demonstrate the following problems:

Ubee Dvw3201 Spectrum

  • Authentication bypass
  • Unauthenticated backup file access
  • Backup file password disclosure
  • Code execution

Video demonstration is also available, which presents the above problems and how these can be combined to obtain full access to the modem.

Recommendations

Since only the ISP can update the firmware, we can recommend for users to change the WiFi passphrase.

Links

  • Powerful COM Port wrapper Active-X. Can be used with Visual Basic, Delphi, MS Visual C++, Java Script, and any other applications capable to host AxtiveX components.A list of features * Support of any port number, rate, and port options (parity, stop bits, etc).

    • modem_activex.zip
    • SoftCab
    • Shareware ($49.95)
    • 51 Kb
    • WinXP, WinNT 4.x, WinME, Win2000, Win Vista, Win98

  • slmodem is a SmartLink soft modem for Linux. slmodem project provides a full-featured 56K voice fax modem.This is implemented as a generic application (slmodemd) and a set of hardware specific kernel-space drivers (slamr and slusb).

    • slmodem
    • Sasha Khapyorsky
    • Freeware (Free)
    • 848 Kb
    • Linux

  • Configure your modem for a better performance while surfing in the web, playing Configure your modem for a better performance while surfing in the web, playing online games and downloading files. It also configures Internet Explorer for better stability.

    • mspeed.exe
    • PlayNowGames
    • Freeware (Free)
    • 3.11 Mb
    • Win95,Win98,WinME,Windows2000,WinXP

  • All Modem Tweak is utility designed to unleash the full potential of your Internet Connection. By default, most modems and network connections in Windows are not configured to transfer data at their maximum or their most efficient speed. While the. ..

    • allmodem.exe
    • Tweaker Guy
    • Freeware (Free)
    • 696 Kb
    • Win2000, Win7 x32, Win7 x64, Win98, WinVista, WinVista x64, WinXP

  • speed up your Internet access up to 200% - 300% ? it accelerates anyWindows95/98/Me/NT/2000/XP internet connection in seconds.

    Hp laserjet 4p user manual download. HP LaserJet 4p/mp Printer series Choose a different product series Warranty status: Unspecified - Check warranty status Manufacturer warranty has expired - See details Covered under Manufacturer warranty Covered under Extended warranty, months remaining month remaining days remaining day remaining. Download the latest drivers, firmware, and software for your HP LaserJet 4p/mp Printer series.This is HP’s official website that will help automatically detect and download the correct drivers free of cost for your HP Computing and Printing products for Windows and Mac operating system.

    • ModemOptimizer.exe
    • StartFiles
    • Shareware ($11.00)
    • 1.27 Mb
    • Win95, Win98, WinME, WinNT 3.x, WinNT 4.x, WinXP, Windows2000

  • Modem Monitor is a program for monitoring a status and performance of the remote (or local) modem or any network interface. Modem Monitor is a unique in industry program, which allows to monitor not only per-connection statistics. It allows to. ..

    • modem-monitor-setup.exe
    • AGG Software
    • Commercial ($45.00)
    • 2.7 Mb
    • Windows XP, Windows 2000, Windows NT, Windows

  • NetScream is a tool for all that allows you to modify your modem settings to increase internet performance up to 200 percent!! No modifications to your hardware are made and all adjustments and settings are done in an easy to use interface.

    • netscream.exe
    • SwiftDog
    • Shareware ($14.99)
    • 1.5 Mb
    • Win2000, Win7 x32, Win7 x64, WinServer, WinVista, WinVista x64, WinXP

  • A simple application that generates desirable files for uploading with computer modems achieving top speeds! (56K modem up to 33 Kb/s! *with modem connected on parallel port) Operation principle: Almost every new modem has build-in hardware. ..

    • FFG - Fake Filez Generator
    • Ajo
    • Freeware (Free)
    • 862 Kb
    • Any Platform

  • Output level,Upstream power level,Input level,Downstream power level,Ping of modem,Upstream frequency,Downstream frequency,Model of modem,Downstream signal to noise ratio,Name of config file,Detect standby mode of modem,Modem up time. ..

    • cmd.exe
    • PatilanSoft
    • Freeware (Free)
    • 748 Kb
    • Windows2000, WinXP, Windows2003

  • Null-modem cable is basically used for communication of two RS-232 DTE devices with each other. To create null-modem connection between the devices you need to use two computers or two serial ports of a single computer connected with null-modem. ..

    • Download_vnullmod20.exe
    • AGG Software
    • Shareware ($74.00)
    • 2.99 Mb
    • WinXP, Windows2000, Windows2003

  • There are many old communication applications that require a direct modem connection. This program allows you to substitute physical phone lines with a local TCP/IP network or the Internet without investing thousands into new communication software.

    • virtual-modem.zip
    • FabulaTech
    • Shareware ($149.00)
    • 3.7 Mb
    • WinXP, WinVista, WinVista x64, Win7 x32, Win7 x64, Win2000, Windows2000, Windows2003, WinServer, Windows Vista

  • Boost your Internet Speed! Slow connection hindering your enjoyment of the Internet? Enhance your internet connection and Boosts your Internet speed up to 300% with Modem Boosters proprietary PING technology! Max Out your Modem Speed! Modem Booster. ..

    • Modem Booster
    • inKline Global, Inc.
    • Shareware ($24.95)
    • 1.74 Mb
    • Windows 2003, XP, 2000, 98, Me, NT
Modem
Related:Ubee Modem - Ubee Modem Drivers - Modem Type Qualcomm Usb Modem - Modem Driver Alfex Usb Modem - Modem Driver Alfex Pci Modem

Ubee Modem Dvw32cb Manual


Ubee Cable Modem Manual

Pages : <1 2 3
Coments are closed
Rca Rp3721 Manual DownloadYamaha Htr-5540 Manual Download
© 2020 - alibi.netlify.app
Scroll to top