-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
The first and easiest SSID to figure out was the Xfinity Home SSID, which is in the format XHS-xxxxxxxx where x's are the last 8 digits of your modem's CM MAC. There is actually info online about this one. It only broadcasts on 2.4GHz(meaning it's limited to 150mbps). It's possible to generate the password for this network using PSKracker like this: pskracker -t tg1682g -b (your modem CM MAC) This network sits in the 172.16.12.0/24 range and has a webserver running on 172.16.12.1:8080 which throws a 404 error. I'm guessing this is some API probably for local config of Xfinity Home devices. It's only broadcasted on Comcast native modems to my findings, but as long as your modem has Wi-Fi enabled it is being broadcasted(with the exception of business). This one is a bit scary because I saw a security research group from a few years ago determined that it's possible to get the CM MAC from the xfinitywifi network. If that is still true and not fixed(it was a CVE but so was the XHS network as a whole and that hasn't changed), anyone could easily gain access to this network(it doesn't have access to the 10.0.0.0/24 range though). I didn't enable the hotspot and try this.
Now here are the SSIDs that there is absolutely no info about and really confuse me: A16746DF2466410CA2ED9FB2E32FE7D9 - WPA2 Protected with unknown password D375C1D9F8B041E2A1995B784064977B - 802.1x Protected with potentially local authentication server? Both are 2.4GHz and 5GHz. These ones are broadcasted on all Comcast and Comcast-based modems and even for example Rogers in Canada. In fact, if you enter the D375C1D9F8B041E2A1995B784064977B SSID into Google you get a Meraki AP status page somewhere in Canada that's seeing a neighboring AP that actually doesn't have this SSID hidden. If you add these to your phones networks, with even a incorrect WPA2 password such as 12345678, you'll find that every Comcast modem you come across with Wi-Fi enabled is broadcasting these(with the exception of business I think though not totally sure on this one). I was not able to find ANY posts on these and determined these by finding them in RDK source code online. Here are all the links referencing these in the source code: Link 1, Link 2, Link 3, Link 4, Link 5, Link 6, Link 7 If anyone is able to pinpoint an exact use case for these please let me know.