Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.
The vulnerability in the SMC8014 cable modem/Wi-Fi router provided to customers was detailed in a blog post written by David Chen, a software engineer and co-founder of the Pip.io social communications platform start-up.

Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser.
In addition, the device relied only on WEP encryption, which can be cracked easily, and it used a fixed format for the SSID (service set identifier), which makes it easy to tell which Wi-Fi network the device is using, he wrote.

http://news.cnet.com/8301-27080_3-10379477-245.html