Unauthenticated remote takeover of undisclosed SOHO modem/routers

Recently, I came to own some Customer Premises Equipment (CPEs). You might wonder why. Well, occasionally, when I’m feeling bored, I enjoy testing the vulnerabilities of embedded devices, while staying within ethical and righteous boundaries.

In this article, I discuss a ***complete and unauthenticated remote takeover*** that can be performed on these devices via the embedded management web interface. It should be noted that the management interface of these devices is accessible from the Internet by default.


For now, I …

article cpes customer cybersecurity devices discuss embedded equipment modem own routers soho takeover testing vulnerabilities