ACS hack for CR1000A model #7
Comments
Well for the G1100 I had to edit the config to use a local ACS address without SSL, otherwise the router would reject the ACS server as SSL certificate validation would fail when I tried to MITM the ACS connection. If the CR1000A is similar probably have to also disable SSl for it to work. |
|
Thanks for the clarification. Looks like the only way is to decrypt the config. Are there any method the check what kind of encryption the config is using? CR1000A using a .cfg config. |
|
Not sure if this may help but according to an Reddit thread there's a hidden firmware update page and debug page https://[Router_IP]/#/firmware_upgrade and debug page here https://[Router_IP]/cgi/cgi_basic.js Thread: https://www.reddit.com/r/Fios/comments/10szdnd/hidden_menu_on_router If we can get a firmware image then binwalk should be able to decrypt it or tell us what encryption method it's using |
|
@jameshilliard Hi, the CR1000A config is now decrypted and I have successfully added it to my genieacs server. However, I have faced two issues:
|
|
NVM, looks like password is not required and I can just use API to push the command. |
Hello, how are you able to decrypt the config? The g3100 has a similar .cfg file i'm willing to bet the same method can be used for this |
Hi,
I'm trying the ACS way to enable SSH on another FIOS router model CR1000A. Since that model config is using another encryption method and there is not a way to decrypt that yet. Is that possible to spoofing the Verizon CWMP address with a local host ACS server?
The text was updated successfully, but these errors were encountered: