Tag Archives: fon

Hacking la fonera… part III

BlaBla

La fonera, that fully tivo-ified (as rms would say :)) wifi accesspoint by fon was hacked two (now three:)) times, and it has always been patched very quickly.
The last one that was discovered here with a nice tutorial here,
was fixed on the 0.7.1 version of their firmware, but there is still a very similar hole in the webform still about unescaped evil characters…
Just replace “/usr/sbin/iptables -I INPUT 1 -p tcp –dport 22 -j ACCEPT” and “/etc/init.d/dropbear” in step1.html and step2.html with “$(/usr/sbin/iptables -I INPUT 1 -p tcp –dport 22 -j ACCEPT)” and “$(/etc/init.d/dropbear)”
Once done this follow the instructions of the last method straightforward…
Now, it will be surely fixed in the next version and you know what? I hope that it will be fixed, because it’s a very serious security problem, but it’s very sad that everything it’s becoming more and more broken by design, so pleeeeease fon, open that ssh by default and we will all looove you 🙂