A recently-uncovered security flaw could put as many as 64,000 wireless networks at risk for attack. Skip related content
The vulnerability is believed to exist in the SMC8104, a combination cable modem and wireless router device used primarily by customers of Time Warner and RoadRunner cable internet service.
According to developer Dave Chen, lax security protections on the router could make the task of breaking into the networks and taking control of the router much easier than with other wireless router devices.
Chen explained in a blog posting that the routers rely on WEP protections, a security protocol that has been known for years as being notoriously easy to overcome. But the most serious concerns of the flaw, said Chen, come after a user has connected to the router.
He said that the router uses JavaScript code to prevent unauthorized systems from accessing the router's administration functions. By disabling JavaScript execution within the browser, a third-party user could connect to the router and access administration features.
Additionally, Chen noted that among the administration features on the router is the option to back-up router settings as a text file which includes administrator login names and passwords.
"By forcing the customers to use only WEP encryption on their wifi network, they are allowing anyone to penetrate the network with ease," Chen explained.
"Once inside, anyone can access the routers web interface and login with the admin account."
