It's quite interesting to me to see something like this here. A few years back (turn of the decade) I discovered a similar problem in the equipment of a fairly large ISP, albeit a little bit more serious (think root access). Their fix was to put that port behind a whitelist, with the only IP address able to access it remotely belonging to the ISP.
The problem is, this is one of those ISPs that have an extra SSID on their CPEs for "free" internet, think Xfinity, but this wasn't Comcast, and this vulnerability stems from an HTTPd misconfiguration, so if you can access the equipment's HTTPd (all you need to do is a single, unauthenticated request, so, really any access will do), you've got full access.
I went through some trouble to contact, via third parties, an insider at this ISP with the power to get things fixed - they did fix the remote part (via the aforementioned firewall whitelisting), but I was told, in no uncertain terms, that they didn't care enough to fix the root of the issue, as long as it wasn't massively exploitable, and it wasn't public.
I like my freedom/money too much to publicize details, and so it's still there, all these years later. I wonder how many vulnerabilities like this are out there, fully known by the vendors/providers, but nothing gets done about them because people are too scared to disclose, until eventually someone comes along and blows the whistle, or the equipment is obsoleted?
Doing some anonymous disclosure wouldn't be an option?
All their users should know about how their provider treats security issues. We cannot choose with our wallets if we don't have the information to make an informed decision...