TWC/Spectrum as much as admitted that Techni-color built routers are the majority equipment shipped by them.
This frightens me, as they are horrible equipment riddled with security holes.
Null-session RPC, giving you full control over the device without authentication.
The WPA key and SSID both are made partially by the model number. This makes brute-forcing the WPA key much faster, since you already have the first half of it.
If you choose to set your own administrative password on the device, since the default is “password” you will find that you cannot use special characters. Stuck in the 1990s?
If you flood a Techni-Color gateway/router with bogus ARP traffic, it may reboot. When it comes back online, it’s usually reset to defaults, negating any benefit of a custom WPA key.
The command/control port for the provider to manage DOCSIS networking is left open on ALL interfaces, with an easily guessed password.
I’ve brought this information to their attention many times. It took escalating to their executives to get anyone to even take notice. Following that, the problems are not being addressed.
At this point, I’m not doing this out of responsibility for the tens of thousands of hapless customers with this ticking timebomb of a botnet waiting to happen. I’m doing this because TWC has repeatedly screwed the proverbial pooch delivering service. That’s right, I’m mad. Positively furious. A tech/ops manager was on-site at my home today to try and resolve poor service. I advised him of these same problems, only to get a look of “yeah yeah, whatever.”
I don’t know what sexual favors that person did to get their position, but it must’ve been mind-blowing if they don’t care about something like this while holding that position.