Netgear CG3000 modem/router set password vulnerability

Posted by paul . szabo on Mar 14

I noticed a security issue in my Netgear CG3000v2 cable modem, as
provided by Optus (an Australian phone/communications provider).

The “admin password” can be changed on the web interface, without
providing the current password. The page
http://192.168.0.1/SetPassword.asp
prompts for old and new passwords (and repeat of new), but in fact
ignores the old password provided, and changes the password to the
new one, regardless.

This issue…
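
Added example, not part of the original post and not the device's firmware code: a Python model of the set-password flow described above, with a handler that ignores the old password beside one that verifies it, plus a regression check a tester could adapt. The class, form field names and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AdminAccount:
    """Hypothetical stand-in for the stored admin credential."""

    def __init__(self, password: str):
        self._store(password)

    def _store(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)

    def verify(self, candidate: str) -> bool:
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(hash_password(candidate, self.salt), self.digest)

    def set_password_flawed(self, form: dict) -> bool:
        # Behaviour the post describes: "old" is submitted but never checked.
        self._store(form["new"])
        return True

    def set_password_checked(self, form: dict) -> bool:
        # Refuse unless the old password verifies and both new entries match.
        if not self.verify(form.get("old", "")):
            return False
        new = form.get("new", "")
        if not new or new != form.get("repeat"):
            return False
        self._store(new)
        return True


def regression_check(handler_name: str) -> bool:
    """True if the handler refuses a change submitted with a wrong old password."""
    account = AdminAccount("factory-default")  # constructed sample value
    form = {"old": "not-the-password", "new": "changed", "repeat": "changed"}
    getattr(account, handler_name)(form)
    return account.verify("factory-default") and not account.verify("changed")
```
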