Backdoor found from various Linksys and Netgear routers

Generic discussions with the emphasis on technology
Post Reply
User avatar
gR!ns
Posts: 500
her blog
Joined: 10 Mar 2012, 09:28
Location: 2nd reality

Backdoor found from various Linksys and Netgear routers

Post by gR!ns »

# FYI #

Backdoor found which can allow attacker reset router to it's factory defaults and then gain access to the administration panel.

In English: http://www.net-security.org/secworld.php?id=16155
In Finnish: https://www.cert.fi/tietoturvanyt/2014/ ... 31811.html

Exploit in Linksys routers: WAG54G2, WAG120N, WAG160N, WAG200G and WAG320N
Exploit in Netgear routers: DM111Pv2, DGN1000 N150, DGN2000B, DGN3500, DG834G v2, and DG834 v3.

If you have one of these routers, it's recommended to update the firmware of the router if it exists or with work around, close the port 32764 from the firewall while the patched firmware comes available.

Mainly it would need to get access to your home LAN to use this, but referring to the links, it can be used from the internet in certain cases. There are already tool published to use this exploit and some port scanning done from internet side to found vulnerabilities.

Referring to the english version, this bad firmware might be found also from 3Com, Aruba and Belkin routers also. The common thing with these routers is the manufacturer, Sercomm.
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Backdoor found from various Linksys and Netgear routers

Post by gaoesa »

These kind of hard coded administrator passwords etc. are practically found in most modems and routers. Unfortunately.

Also, there are exploitable backdoors in some high end firewalls as well.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
User avatar
gR!ns
Posts: 500
Joined: 10 Mar 2012, 09:28
Location: 2nd reality

Re: Backdoor found from various Linksys and Netgear routers

Post by gR!ns »

If you mean these default passwords when the machine is on its factory defaults, it's kind of stupid. My former router was so plug and play, that it didn't necessarelly need any configurations by default, just stick cables in and it worked.

Of course, the admin password to the management panel was "admin" or "password", can remember which, and WIFI was automatically on. With open WLAN. So if you didn't went to change these settings or knew that they can be changed at all, you could be in trouble. Especially because of that open WLAN which allowed everyone to access your private network. No need to be engineer to find out the default settings of the specific router from the web.

But I think that nowdays this WIFI issue is fixed and when you start your router first time, you'll need to go thru settings wizard to change the passwords and such. Or the modems come pre-configured from the ISP. Of course this don't fix that, if the router has been set to defaults again, it runs the wizard again and then the attacker, if he has managed to get in to your LAN, can change the things in the router etc.
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Backdoor found from various Linksys and Netgear routers

Post by gaoesa »

He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
Post Reply