Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

sg999 | Jun 17 2010, 11:01 AM

Telekom Malaysia Berhad wishes to clarify the concerns raised by various parties with regards to the remote accessibility of UniFi routers which are part of the customer premises equipment (CPE) for all UniFi subscribers.
TM would like to assure all concerned parties that the only reason the UniFi router setting for remote access is enabled is for remote access troubleshooting purposes for the express use of our technical support personnel. In the event there is a technical support issue with any of our UniFi subscribers, at the first level of troubleshooting, TM’s network operation centre (NOC) can immediately remotely diagnose the problem before sending a support team on-site.
TM takes note of the security concerns that have been raised, and we have taken these issues to heart.
TM also acknowledges that there is a need to balance the public’s level of comfort with regards to security and privacy and TM’s own commitment to faster support turnaround time. As such, TM would like to maintain the higher level of service enabled by remote access management on customer routers, and in recognition of that TM will immediately change every UniFi customer’s router management password into a high security, unique one (which will be only known to the customer and TM). TM will notify all our UniFi customers of this change accordingly.

azrinarizz | Jun 17 2010, 06:06 PM

I just got my unifi today and when I log in my router, I can't see TR-069 Protocol as well as my operator password. I have already changed my wireless password as well as my admin password. I am using firmware 7.05 which is shown on my router page. I saw a few pages back that I have to UNTICK Enable Remote Management? Thanks

TSrizvanrp (Getting Started) | Jun 17 2010, 06:08 PM

azrinarizz | Jun 17 2010, 06:14 PM

How do I log into the operator account? I have been reading the guide for 3 times already. Mine only contains the admin password box and remote management. I don't see any operator as well as SSH+Telnet like your picture.

TSrizvanrp (Getting Started) | Jun 17 2010, 06:17 PM

go to the login page at 192.168.0.1
username : operator pass : telekom
or pass : your pppoe pass backwards
or pass : unifi backwards
if these combinations don't work ask your installer for the 'operator' account password

azrinarizz | Jun 17 2010, 06:21 PM

QUOTE(rizvanrp @ Jun 17 2010, 06:17 PM)
go to the login page at 192.168.0.1
username : operator pass : telekom
or pass : your pppoe pass backwards
or pass : unifi backwards
if these combinations don't work ask your installer for the 'operator' account password

Oh, I get it now. So I have changed my operator and admin password. I have followed your guide on what to disable. The only thing I didn't enable is the Firewall. Should I enable it? I download pretty often using utorrent. So will it have any problems if I enable? Thank you so much for helping. That is all right?

This post has been edited by azrinarizz: Jun 17 2010, 06:22 PM

TSrizvanrp (Getting Started) | Jun 17 2010, 06:25 PM

Firewall.. I don't know, BT is kinda heavy on home router firewalls. You can enable it if you want but NAT + securing your router should be enough protection.

azrinarizz | Jun 17 2010, 06:28 PM

QUOTE(rizvanrp @ Jun 17 2010, 06:25 PM)
Firewall.. I don't know, BT is kinda heavy on home router firewalls. You can enable it if you want but NAT + securing your router should be enough protection.

Ok then. I will see how my torrent goes and I can change it later. I am wondering, what is NAT?

TSrizvanrp (Getting Started) | Jun 17 2010, 06:30 PM

QUOTE(azrinarizz @ Jun 17 2010, 06:28 PM)
Ok then. I will see how my torrent goes and I can change it later. I am wondering, what is NAT?

You have a single public IP (110.159.x.x) which is shared on a private network (192.168.0.0/24). That's wut NAT does.. unless you enable port forwarding, no one will be able to connect to PCs behind your router on the private network directly so in that way it's 'secure' :3
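
The NAT behaviour described in the post above, as an added illustration that is not part of the original thread: a simplified translation table showing which inbound packets reach a LAN PC, and that the router's own WAN-side management page is not shielded by NAT. The public address 203.0.113.10, the LAN host 192.168.0.100 and management port 8080 are constructed sample values.

```python
# Added illustration of the NAT behaviour described above; simplified (a real
# router also matches the remote address and protocol of each mapping).
# The public address and the management port are constructed sample values.

class NatRouter:
    def __init__(self, public_ip, remote_mgmt_port=None):
        self.public_ip = public_ip
        self.remote_mgmt_port = remote_mgmt_port  # router's own WAN-side admin page
        self.mappings = {}   # public port -> (private ip, port), made by outbound traffic
        self.forwards = {}   # public port -> (private ip, port), set by the owner
        self._next_port = 40000

    def outbound(self, private_ip, private_port):
        """A LAN host opens a connection: the router allocates a public port."""
        public_port = self._next_port
        self._next_port += 1
        self.mappings[public_port] = (private_ip, private_port)
        return self.public_ip, public_port

    def port_forward(self, public_port, private_ip, private_port):
        self.forwards[public_port] = (private_ip, private_port)

    def inbound(self, public_port):
        """Where does a packet arriving from the Internet end up?"""
        if public_port == self.remote_mgmt_port:
            return "router management interface"  # NAT does not shield the router itself
        target = self.forwards.get(public_port) or self.mappings.get(public_port)
        return target if target else "dropped"


def demo():
    router = NatRouter("203.0.113.10", remote_mgmt_port=8080)
    _, reply_port = router.outbound("192.168.0.100", 51234)  # PC browses the web
    results = {
        "reply to the PC's own connection": router.inbound(reply_port),
        "unsolicited connection to port 445": router.inbound(445),
        "connection to the management port": router.inbound(8080),
    }
    router.port_forward(6881, "192.168.0.100", 6881)         # e.g. a torrent client
    results["forwarded port 6881"] = router.inbound(6881)
    return results


if __name__ == "__main__":
    for what, where in demo().items():
        print(f"{what}: {where}")
```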

azrinarizz | Jun 17 2010, 06:33 PM

QUOTE(rizvanrp @ Jun 17 2010, 06:30 PM)
You have a single public IP (110.159.x.x) which is shared on a private network (192.168.0.0/24). That's wut NAT does.. unless you enable port forwarding, no one will be able to connect to PCs behind your router on the private network directly so in that way it's 'secure' :3

Oh alright. I get it now. Thanks for helping me out

KAHAK (Getting Started) | Jun 17 2010, 11:48 PM

so that what NAT do LoL i never know.

sfwong1 | Jun 18 2010, 12:20 AM

Woot nice thing here, i think this thread should be pinned up so that all unifi users will be aware of it... luckily my unifi not yet set up, the technician will soon be here to do the unifi... i sure shoot him kau kau.

Phantasy (New Member) | Jun 19 2010, 11:06 AM

QUOTE
Hehehe just for those who set username n password for ppoe into ur ADSL modem also pls change the default password because ppl can scan ip and get into ur ADSL modem and get ur username n password - MX510

Wow i thought it was already fixed by tmnet. It had been so many years since this exploit found and abused by many ppl. You just need a simple scanning proggie and voila you can have access to the user's router web management page. What was disclosed by rizvanrp was indeed repeated the whole history again but now with an open sshd laying inside it makes the hackers jumping yay all around.

Wazzzap | Jun 20 2010, 02:58 PM

i wanna ask why is my internet connection having problem after i untick the remote management box? but there is no problem if i tick it. hmmm..

buyoq | Jun 23 2010, 06:53 PM

eh where's the CCNP's guy now ?

Invince_Z | Jun 25 2010, 06:09 AM

great post by rizvanrp. x a unifi user anyway, but if i'm a hacker, this would be Heaven (me) n Hell for all of u

Moogle Stiltzkin | Jun 25 2010, 01:29 PM

QUOTE(morpheus3929 @ Jun 25 2010, 04:57 AM)
HOLY CRAP! JUMPIN JIGGAWATS WATSON! dude, by uploading the screenshot, aren't you risking yourself and other UNIFI subscribers from hackers and arseholes?

Don't worry. tmnut is keeping tabs so they should fix it.

greg_F (New Member) | Jun 27 2010, 04:57 PM

it's funny how a final year student can open up the eyes of experts & technical staffs at TM...i give u crdt on this rizvan...u really know ur stuff...and i can see that u will have a bright future in the network/security field if u are in it... to me, they can have or enable the remote management but not set the source of IP to 0.0.0.0...that's like inviting everyone to your router...what TM could do is set a specific IP that could access that router...eg. for this area/block of users, only IP 202.108.0.133 can access that router...this will slightly narrow down the possibility of an intrusion, but not totally....all IT/network/security experts should know that no system or machine is 100% secured...also, TM should crack their heads to harden that busy box...ever heard of soekris or magic box?...small as they are, big on their capabilities... juz my 2 cents

TSrizvanrp (Getting Started) | Jun 27 2010, 05:05 PM

@greg It doesn't even matter if they did do the IP based hardening or set up a 50 character random password.

This is a snapshot of the source code of the page which handles the backup/restore configuration section of the router's user interface. The firmware itself is flawed. It pulls the configuration backup file directly from the router without running through PHP (requiring authentication).. so anyone can still break into the router easily just by grabbing the config.bin directly. You don't even have to login with a username or password <_>

Frankly, TM should have not chosen this remote configuration route and been open with it in the first place. Even if I did not guess the password, retrieving it is easy by hooking up a terminal connection directly into the DIR-615's console port and dumping its memory over the network + carving out the user/pass combination.

The only way to fix this flaw is to disable the remote management.. and even then, users on your own LAN will still be able to pull off the hack so public Unifi networks (hotspots/hostels) using this DIR-615 G1 router will never be secure.

This post has been edited by rizvanrp: Jun 27 2010, 05:11 PM
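
A defender-side check over the settings discussed in this thread, as an added example that is not part of the original posts or the router firmware: it flags remote management (even with a restricted source IP, following the post above), the 0.0.0.0 source setting, and an operator password matching the installer defaults listed earlier. The setting names and sample snapshots are hypothetical and constructed.

```python
# Added example: audit of a router settings snapshot for the issues raised in
# this thread. The setting names are hypothetical, not the firmware's own.

def installer_default_passwords(pppoe_password):
    """Operator passwords the thread lists as installer defaults."""
    defaults = {"telekom", "unifi"[::-1]}
    if pppoe_password:
        defaults.add(pppoe_password[::-1])  # PPPoE password written backwards
    return defaults


def audit(settings):
    findings = []
    if settings.get("remote_management"):
        # Flagged regardless of source restriction: per the thread, the config
        # backup is served without authentication while this is on.
        findings.append("remote management is enabled on the WAN side")
        if settings.get("remote_source_ip", "0.0.0.0") == "0.0.0.0":
            findings.append("remote management accepts any source IP (0.0.0.0)")
    for service in ("ssh", "telnet"):
        if settings.get(service):
            findings.append(f"{service} service is enabled")
    defaults = installer_default_passwords(settings.get("pppoe_password", ""))
    if settings.get("operator_password") in defaults:
        findings.append("operator account still uses an installer default password")
    return findings


# Constructed sample snapshots (not taken from a real router).
AS_INSTALLED = {
    "remote_management": True, "remote_source_ip": "0.0.0.0",
    "ssh": True, "telnet": True, "pppoe_password": "abc12345",
    "operator_password": "54321cba", "admin_password": "admin-Example1",
}
HARDENED = {
    "remote_management": False, "ssh": False, "telnet": False,
    "pppoe_password": "abc12345",
    "operator_password": "k3-Long-Unique-Operator",
    "admin_password": "q7-Long-Unique-Admin",
}

if __name__ == "__main__":
    for name, snap in (("as installed", AS_INSTALLED), ("hardened", HARDENED)):
        print(name, "->", audit(snap) or "no findings")
```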