Siemens sx762 wlan dsl router experiences

My ISP recently sent me a Siemens sx762 wlan dsl modem with voip support. it replaces the ATA voip box they previously provided me which is suffering from too much echo on certain calls.

It looks like a decent, pretty functional modem which a rather decent webinterface. After testing/poking it a bit more I found the following:

It runs Linux. Nmap reports the following:

PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
5555/tcp open  freeciv
8080/tcp open  http-proxy
MAC Address: 00:21:04:43:6E:8A (Unknown)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.28 - 2.4.30
Uptime: 3.772 days (since Wed Mar 11 21:35:03 2009)
Network Distance: 1 hop

Additionally to the ports listed above, it also listens to port 8085. More on this later.

If it runs Linux, Siemens should provide the necessary sourcecode and licenses. You can find this here (found on the net, not my router's info).

The first interesting thing is port 22, ssh. It appears you can ssh into the device using 'administrator' as username, and the password you use for the webaccess. This will provide you with a restricted management shell. You can find a complete overview of all information here.

If you look in detail at this file, you'll see the following:

ManagementServer.URL = http://tsm.topit.nl:1111/ACS-INTF 
ManagementServer.Username = 000000-CPE-000000000000 (cleared)
ManagementServer.Password =  
ManagementServer.PeriodicInformEnable = 0 
ManagementServer.PeriodicInformInterval = 240 
ManagementServer.PeriodicInformTime = 0001-01-01T00:00:00 
ManagementServer.ParameterKey =  
ManagementServer.ConnectionRequestURL = http://n.n.n.n:8085/CPE-ACCESS (ip removed)

I'm not really sure what this does. It looks like some sort of remote management support. I'm not sure if the modem is somehow able to "call out" (to tsm.topit.nl in this case). Additionally, an extra service appears to be running on port 8085 (which is unfiltered).

Port 8085 seems to be running "RomPager Advanced Server", as far as I can tell an embedded web-based management server. I haven't been able to access it though. Perhaps this is a remote management option for my ISP, but it does scare me a bit. The "normal" management user interface also appears to run on the RomPager server, but url's are different.

Issues

As said before, the modem works well, except for one issue: It doesn't properly register a hangup. If I call my cellphone and hangup before I pickup the cellphone, the cellphone will continue ringing (and eventually switch to voicemail, where two minutes of voicemailbox are filled with nothing). I haven't yet found a cause or solution for this.

I did find a relevant piece of logging:

... calling an umber (ending in 52)
Mar 15 13:56:46 Inf <EVENT>  FXS 1: Detected DTMF 5
Mar 15 13:56:46 Inf <EVENT>  FXS 1: Detected DTMF 2
Mar 15 13:56:51 Inf <EVENT>  Ept 1 : created stream 1 (coder 0)
Mar 15 13:56:58 Inf <EVENT>  FXS 1: Detected hook event 0x1 : onhook
Mar 15 13:56:58 Inf <EVENT>  Ept 1 : deleting stream 1 (coder 0)

So it does register the hangup.

 Stuff to figure out

  • are there options to escape to a shell? busybox seems to be included
  • what's running on port 443 and 5555? 443 doesn't behave like https
  • what's the purpose of port 8085 and what's topit.nl's role?

Comments (closed)

    Have you followed up with the sx762. I have been messing with the settings trying to get mine to allow for stock firmware to be loaded.

    Comment by anon — Jun 24, 2010 7:10:48 PM 

    I haven’t. It had VOIP issues (wouldn’t hangup properly) so my ISP send me a thomson modem, which sucked even more. I’ve changed to Fritzbox! since then and all my problems disappeared. It’s an expensive modem but the software is excellent.

    Comment by ivo — Jul 12, 2010 9:33:32 AM 

Last updated April 18, 2013, 4:35 p.m.
comments powered by Disqus