2wire support just replied that this has been fixed and new version (6.x.x.x) has been released.
The advisory has been updated accordingly. http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/