1. Cross-site request forgery (CSRF). Several features provided by the web interface fail to properly establish sessions that restrict access to authorized users, including forms for changing the administrative password, resetting the modem, and installing new firmware. An attacker may create a malicious website that, when visited by a victim, updates these settings on the victim's modem on the victim's behalf without their authorization or need for any additional user interaction. This can be used to deny service by resetting the modem or wiping the firmware, to change the default administrative password, or potentially to steal information from the victim by installing malicious firmware. This issue has been assigned CVE-2010-2025.
2. Insufficient authentication. The modem's access control scheme, which has levels numbered from 0-2 (or 0-3 on some other models), is not properly checked before performing operations that should require authentication, including resetting the modem and installing new firmware. The modem requires the proper access level to access web interface pages containing forms that allow a user to perform these actions, but does not properly authenticate the pages that actually carry out these actions. By sending a POST request directly to these pages, these actions may be performed without any authentication. Attacks may be performed by an attacker on the local network or by leveraging the CSRF vulnerability. This issue has been assigned CVE-2010-2026.
