Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hub 3 replacement?

Go to solution
alanjairey
Joining in

on ‎20-09-2021 12:44

I've read about the zero day vulnerability in the news recently, which uncovers the true IP of the user even if they use a VPN. (https://portswigger.net/daily-swig/vpn-users-unmasked-by-zero-day-vulnerability-in-virgin-media-rout...)

Has this been patched on the Hub 3 already or if not, when will this happen?

If the Hub 4 is not vulnerable to this exploit, are we able to get one to replace the Hub 3?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
jem101
Superstar

on ‎20-09-2021 17:02

@alanjairey wrote:

I've read about the zero day vulnerability in the news recently, which uncovers the true IP of the user even if they use a VPN. (https://portswigger.net/daily-swig/vpn-users-unmasked-by-zero-day-vulnerability-in-virgin-media-rout...)

Has this been patched on the Hub 3 already or if not, when will this happen?

If the Hub 4 is not vulnerable to this exploit, are we able to get one to replace the Hub 3?

Well VM are famously tight-lipped about what exactly is in any firmware updates, as they haven't expressly said that this vulnerability has been fixed then assume it hasn't.

When will it happen? Who knows? To be honest considering all the other flaws in the firmware especially in the Hub 4 - probably never! I would imagine that VM would take a look at what percentage of customers probably use a VPN and conclude that it's not worth expending resources on fixing

As for the Hub 4, I would expect they share a lot of code, so probably best to assume that this is just as vulnerable, and judging by a number of posts across this forum, possibly more flaky.

The vulnerability is a DNS rebind attack so it should be mitigated if you use your own router with the Hub in modem mode.

See where this Helpful Answer was posted

0 Kudos
3 REPLIES 3

Go to solution
Tudor
Very Insightful Person
Very Insightful Person

on ‎20-09-2021 14:41

The problem is only when you use a VPN.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos

Go to solution
lotharmat
Community elder
In response to Tudor

on ‎20-09-2021 15:02

and can be mitigated pretty easily too by the sounds of it!

I think if you're savvy enough to be using a VPN then you will be able to put in place the mitigation required to prevent you being vulnerable!



------------------------------------------------------------------
Hub 3 - Modem Mode - TP-Link Archer C7

0 Kudos

Go to solution
jem101
Superstar

on ‎20-09-2021 17:02

@alanjairey wrote:

I've read about the zero day vulnerability in the news recently, which uncovers the true IP of the user even if they use a VPN. (https://portswigger.net/daily-swig/vpn-users-unmasked-by-zero-day-vulnerability-in-virgin-media-rout...)

Has this been patched on the Hub 3 already or if not, when will this happen?

If the Hub 4 is not vulnerable to this exploit, are we able to get one to replace the Hub 3?

Well VM are famously tight-lipped about what exactly is in any firmware updates, as they haven't expressly said that this vulnerability has been fixed then assume it hasn't.

When will it happen? Who knows? To be honest considering all the other flaws in the firmware especially in the Hub 4 - probably never! I would imagine that VM would take a look at what percentage of customers probably use a VPN and conclude that it's not worth expending resources on fixing

As for the Hub 4, I would expect they share a lot of code, so probably best to assume that this is just as vulnerable, and judging by a number of posts across this forum, possibly more flaky.

The vulnerability is a DNS rebind attack so it should be mitigated if you use your own router with the Hub in modem mode.

0 Kudos
Top