Searching...
Reply
Highlighted
Accepted Solution

Netgear CG3000v2

[ Edited ]
lethal42

HI,

 

I have one of the above.

 

Various type of security software is stating I need to either update the password or update the firmware.

 I am suprised Optus doesnt update this down the cable....

 

How do I tell what fireware version I have, and how to I get the latest version?

 

cheers

 

Lethal42

Re: Netgear CG3000v2

petergdownload

Its a bit unusual for software to be reporting on modem firmware. If its one of those "Keep your drivers up to date" programs you can probably just ignore it. 

 

You can't update your own Optus firmware. You should be able to find your current version though if you log into the modem (192.168.0.1 ?) and look through the settings.

 

Apparently the latest FW will be installed if you do a factory reset on your modem. You will lose your current settings so make a note of what they are.

 

Regards

 

Peter Gillespie

Solution

Re: Netgear CG3000v2

beetroot

Hi @lethal42,

 

I'm afraid you can't update it yourself. The modem is provisioned and upated by Optus. Generally speaking one would have faith that an ISP supplied/maintained modem would be safe and secure except in Optus' case back in April 2014, there was a security flaw in these modems which took Optus 1 month to address after I brought it to their attention, Details here. The modems were automatically upgraded to a new firmware and each customer who had this modem experienced a period of downtime while the update was being pushed out. Optus never published a media release about this flaw nor did they inform customers owning these modems that their home networks networks and landline phones were exposed to being hacked. even after details were published on the Sydney Morning Herlad.

 

The old firmware used a configuration page which displayed the internally assigned Optus Private Network IP Address (in the format of 10.x.x.x) . The interface which this internal IP address was assigned to allowed (did not block) Telnet and SSH connections with the default admin admin username and password and exposed the Cable Modem's command line interface (CLI). The main security flaw was that an attacker could easily guess another user's private network IP address (by incrementing or decrementing the last octet of the IP address) and access any CG3000V2 via Telnet or SSH, grab the customers Wifi Connection Details as well as their Phone/SIP details and potentially remotely access their home network.

 

The bigger flaw was that customers could not easily block this vulnerability as they could not connect to their own modem using the above method from within their own home network. Instead one had to go to a friend or relative who also used Optus then access their home's cable modem from there. This meant that all affected users were powerless to block the vulnerability via SSH/telnet unless they had a friend or relative that was also using Optus allowing them to SSH or Telnet to their cable modem and then disable SSH/telnet by running a CLI command.

 

The journalist who published the article in the SMH was asked by Optus not to publish the article until after Optus released a patch (firmware update).

 

If Optus made sure that they had a firm handle on security vulnerabilities and exploits affecting the CG3000V2 then I would say it makes perfect sense for them to maintain and update/manage the firmware of this cable modem. However, when their actions have been unsatisfactory with this regard in the past then I question their ability to handle this in the future.

 

@lethal42, Due to the nature of Cable Modems and the fact that they all have a CLI such as the one which was previously accessible via the vulnerability described above. It is sensical common practice for Cable (HFC) ISP's to block end users from being able to access this CLI as users could modify settings they shouldn't, resulting in a breach of their terms of service with their ISP. As such, the ability to upgrade the firmware is restricted to be done so from the ISP level only. These modems are not your average run of the mill router/wifi access points and the home wifi configuration settings that we all have access to are just the tip of the iceberg in terms of the full extent of features and settings that these modems contain (Your VoIP/SIP settings for your landline phone are stored and accessbile via the CLI - the fact that these details are locked down and held privately is debatable).

 

So what does this all mean?

Well, you have no choice but to hope that Optus activley research all vulnerabilities and exploits which could potentially expose flaws in their supplied hardware. You also have to hope that they perform penetration tests on their supplied hardware. No ISP can guarantee you secure infrastructure but they can certainly minimise a great deal of risk by actively testing and maintaining their infrastructure.

 

Cheers,

@beetroot

Beetroot

Re: Netgear CG3000v2

lethal42

Thanks 'beetroot' I appreciate the detail provided.

 

This seems another area where Optus have dropped and are dropping 'the ball'...Their Webmail as spam filter is nothing short of a joke as well. I know one of the YES crowd members are sending advises to the TIO around this.

 

Both issues are definately a concern that Optus dont seem to have on their radar (integrity, reliability or not).

 

regards

 

Lethal42

 

 

 

Re: Netgear CG3000v2

lethal42

Hi Peter,

The message I got from my eset software, was that it was out of date....it was not a reminder, or warning.

 

Following 'beetroots' response below...Optus are clearly NOT keeping up their end of the bargain, espec when you consider the drop outs, bad connections (cable broadband), and the fact they have substantially discounted my (no longer sold ) plan.

 

As if this makes up for it. Ha!

 

regards

 

Lethal42

Re: Netgear CG3000v2

anthony

I hear Optus did release a new cable modem - NETGEAR CM500v 

Re: Netgear CG3000v2

Scott_M

Hi @anthony, the current modem is the CG3000v2. 

Re: Netgear CG3000v2

anthony

Well, I just recevied my new HFC modem from Optus NETGEAR CM500v + Sagemcom Fast 3864AC , this new modem/router combo seems to have solved all my wifi issues at home, and no more dropouts

Re: Netgear CG3000v2

beetroot

Hi @anthony

 

That is really interesting!

 

Well done mate, did you have to pay for that?

 

Are you an existing customer - if so did you just ask for a new modem or did you recontract?

 

Also, can you please confirm that you're an Optus Cable (HFC) Broadband customer and not an Optus NBN HFC customer?

 

The reason I ask is because there have been others in this forum who have posted attempts at requesting new cable modems and it doesn't look like they have been as lucky as you.

Beetroot

Re: Netgear CG3000v2

[ Edited ]
anthony

Hey @beetroot 

Yes, I am an existing customer and on Optus HFC Cable, and I paid a $120 modem upgrade fee – it came with both new HFC modem and AC router.

 

I have had 6 modem (CG3000v2) replacements previously

Post a Reply
Introducing the Optus Business Care hub

Here you’ll find a complete suite of help and support exclusively for our small and medium business customers. Read More

Top Contributors
10 Kudos
8 Kudos
7 Kudos
6 Kudos
4 Kudos