{"guid":"a3d8af27-783d-4974-8118-8f536651201a","title":"A look at TR-06FAIL and other CPE Configuration Management Disasters","subtitle":null,"slug":"SHA2017-176-a_look_at_tr-06fail_and_other_cpe_configuration_management_disasters","link":"https://c3voc.de","description":"In late 2016 a TR-064 (LAN-side CPE management) misconfiguration in a wide range of CPE devices was disclosed that allowed for remote device takeover. Within days, botnets began exploiting a related command injection issue, leading to widespread internet outages for customers of certain ISP's in the UK and abroad.\nThis talk will explore the impacts of these issues, along with taking a look at some other, related vulnerabilities related to TR-069 (WAN-side CPE management) protocol implementations that could allow for remote takeover of routers en-masse.\n\n#NetworkSecurity  #DeviceSecurity  ","original_language":"eng","persons":["Darren Martyn"],"tags":["SHA2017","176"],"view_count":284,"promoted":false,"date":"2017-08-06T00:00:00.000+02:00","release_date":"2017-08-07T02:00:00.000+02:00","updated_at":"2026-03-05T15:45:07.220+01:00","length":2336,"duration":2336,"thumb_url":"https://static.media.ccc.de/media/events/SHA2017/176-hd.jpg","poster_url":"https://static.media.ccc.de/media/events/SHA2017/176-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/SHA2017/a3d8af27-783d-4974-8118-8f536651201a-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/SHA2017/a3d8af27-783d-4974-8118-8f536651201a-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/SHA2017-176-a_look_at_tr-06fail_and_other_cpe_configuration_management_disasters","url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_title":"SHA2017: Still Hacking Anyway","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017","related":[{"event_id":4230,"event_guid":"2764cdfd-49ab-4463-a809-198dec7abdf6","weight":9},{"event_id":4234,"event_guid":"f471ff12-1889-41c8-b65e-787b87c460db","weight":10},{"event_id":4240,"event_guid":"dec63dd2-d66b-419d-863d-c20fd5ce91dd","weight":10},{"event_id":4261,"event_guid":"3852e448-f6cf-4bfe-8b14-12d590075bd6","weight":24},{"event_id":4293,"event_guid":"dd774554-e12d-4557-b91c-3f6039cd4aeb","weight":10},{"event_id":4296,"event_guid":"0eff8b32-bd9e-4a69-b704-70171ca0e83e","weight":20},{"event_id":4300,"event_guid":"d48d1713-333b-4515-b56d-bc12fa2d3c44","weight":10},{"event_id":4322,"event_guid":"e41aee32-a8c0-4dce-b55a-a13aac7b5cad","weight":10},{"event_id":4323,"event_guid":"df804417-58b7-42fa-a626-83ed1663677f","weight":8},{"event_id":4343,"event_guid":"57920452-ce5b-4194-a768-fed44de6d779","weight":9}],"recordings":[{"size":128,"length":2336,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T00:00:47.123+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-hd/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_hd.mp4","url":"https://api.media.ccc.de/public/recordings/17808","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":57,"length":2336,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T10:42:23.585+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-sd/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_sd.mp4","url":"https://api.media.ccc.de/public/recordings/17839","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":60,"length":2336,"mime_type":"video/webm","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T10:42:59.630+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-sd/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/17840","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":28,"length":2321,"mime_type":"audio/opus","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T10:43:34.147+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/opus/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters.opus","url":"https://api.media.ccc.de/public/recordings/17841","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":35,"length":2321,"mime_type":"audio/mpeg","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T10:44:08.801+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/mp3/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters.mp3","url":"https://api.media.ccc.de/public/recordings/17842","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":137,"length":2336,"mime_type":"video/webm","language":"eng","filename":"SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T10:50:28.083+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-hd/SHA2017-176-eng-A_look_at_TR-06FAIL_and_other_CPE_Configuration_Management_Disasters_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/17853","event_url":"https://api.media.ccc.de/public/events/a3d8af27-783d-4974-8118-8f536651201a","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"}]}