BUG REPORT: Shaw Bluecurve Xb7 Gateway - Admin password changed during initializati blocking 10.xx.1

Ishddu
Grasshopper
‎2023-04-17 03:16 PM

A bit of a preface - I was looking to access and manage some settings directly on the BlueCurve modem and attempted to access via 10.0.0.1. When I tried to access using the admin and all my known passwords I kept getting incorrect password. Now i do have the BlueCurve Home application and I can access the router settings to a degree from their. Additionally when the router was set up it was done using the mobile application as well.

From what I can see the following seems to be happening -- 

User setup of Gateway utilizing Mobile App initiliazes router and admin/pass changes -

The user sign-in with shaw ID authenticates access with shaw servers - Update to admin password occurs

Since Authentication is happening using shaw ID and shaw servers a hashed pass or key is being passed to the router and stored on the gateway. The admin password is updated from default "password" to the new key/hashed password.

The user is not given a method or prompt to update  the admin password locking them out.

Access and management can still occur on the mobile app since it is authentication however direct local access is made impossible without the admin password being changed.

 

This is probably what is occurring for a lot of users who use the mobile app for set up and all of a sudden cant seem to access via 10.0.0.1. The only thing that can be done at this point is a factory reset and a set up while connected to 10.0.0.1. 

Factory reset with mobile app being used for set up results in the same lockout.

I would suggest Shaw updates their application to allow resetting of admin password through the Mobile application or adding an authentication protocol to the router firmware.

 

PS -- Shaw's bug report services are not online so can't get this to the team without just sharing it to the community.

 

Reply
3 Replies

Hi  , For the Blue Curve Modems access to the 10.0.0.1 ha...

g-idk
Master
‎2023-04-17 04:12 PM

Hi @Ishddu , For the Blue Curve Modems access to the 10.0.0.1 has been disabled on purpose (not a bug).  You are only supposed to change limited settings with the BlueCurve App.  I believe the only time you can access it, is after a pin hole reset for a one shot time.  This behavior is done on purpose to stop people from mucking up the settings when they don't know what they are doing (not implying that you don't).  Shaw BlueCurve home internet is designed to be plug and play for dummies, so they have restricted access and instead offer limited changes via the App. The older Hitron Modems you can still access the 10.0.0.1 anytime but those are slowly being phased out as well in favor of everything BlueCurve.  Hope this answers your question, unless I misunderstood it.   

Reply
Reply
Loading...

This is stupid. Many users are tech savvy and they should...

Asrai
Grasshopper
‎2024-09-08 07:03 PM

This is stupid. Many users are tech savvy and they should let this option exist for those that want to customize certain settings for their usage. Completely locking out just to favor dummies is such a dumb management move. 

For the dummies, majority of them will not even know how to access their IP address through the browser and only care that it works and have access to internet. But to many that actually tech savvy would want additional options. 

Not to mention the recent rogers update made the app even more "moron" friendly by locking out even more options. I can no longer see advanced security settings and its only a dumb toggle to on or off. 

0 Kudos
Reply
Reply
Loading...

, Yup so called future progress.  But not to defend Shaw/...

g-idk
Master
‎2024-09-08 08:36 PM

@Asrai , Yup so called future progress.  But not to defend Shaw/Rogers in any way, but you can blame Comcast/Xfinity in the states.  All Shaw/Rogers Equipment and proprietary software, license to use such services all comes from Comcast, this all started back with the original BlueCurve system which was a Comcast product, they were the ones who originally introduced cutting off access and putting it on the app for the ease of their American customers who were plugging up customer support, with no access they don't need to train customer support workers about the inners.  I do understand what you are saying though, but I don't think it will ever come back.  The one caveat is that if you want that type of access to your modem you have to have a Rogers/Shaw Business account.  Sorry for the sad news.    

Reply
Reply
Loading...
TALK TO US
We're here to help
Connect on Live Messaging
Chat on Messenger
Direct Message on Twitter