Himalia Enemy Territory Gaming Community

An Enemy Territory Gaming Community
https://www.himalia.fi/forum/

Backdoor found from various Linksys and Netgear routers

https://www.himalia.fi/forum/viewtopic.php?t=1237

Page 1 of 1

Backdoor found from various Linksys and Netgear routers

Posted: 07 Jan 2014, 10:19
by gR!ns
# FYI #

Backdoor found which can allow attacker reset router to it's factory defaults and then gain access to the administration panel.

In English: http://www.net-security.org/secworld.php?id=16155
In Finnish: https://www.cert.fi/tietoturvanyt/2014/ ... 31811.html

Exploit in Linksys routers: WAG54G2, WAG120N, WAG160N, WAG200G and WAG320N
Exploit in Netgear routers: DM111Pv2, DGN1000 N150, DGN2000B, DGN3500, DG834G v2, and DG834 v3.

If you have one of these routers, it's recommended to update the firmware of the router if it exists or with work around, close the port 32764 from the firewall while the patched firmware comes available.

Mainly it would need to get access to your home LAN to use this, but referring to the links, it can be used from the internet in certain cases. There are already tool published to use this exploit and some port scanning done from internet side to found vulnerabilities.

Referring to the english version, this bad firmware might be found also from 3Com, Aruba and Belkin routers also. The common thing with these routers is the manufacturer, Sercomm.

Re: Backdoor found from various Linksys and Netgear routers

Posted: 07 Jan 2014, 15:10
by gaoesa
These kind of hard coded administrator passwords etc. are practically found in most modems and routers. Unfortunately.

Also, there are exploitable backdoors in some high end firewalls as well.

Re: Backdoor found from various Linksys and Netgear routers

Posted: 07 Jan 2014, 17:18
by gR!ns
If you mean these default passwords when the machine is on its factory defaults, it's kind of stupid. My former router was so plug and play, that it didn't necessarelly need any configurations by default, just stick cables in and it worked.

Of course, the admin password to the management panel was "admin" or "password", can remember which, and WIFI was automatically on. With open WLAN. So if you didn't went to change these settings or knew that they can be changed at all, you could be in trouble. Especially because of that open WLAN which allowed everyone to access your private network. No need to be engineer to find out the default settings of the specific router from the web.

But I think that nowdays this WIFI issue is fixed and when you start your router first time, you'll need to go thru settings wizard to change the passwords and such. Or the modems come pre-configured from the ISP. Of course this don't fix that, if the router has been set to defaults again, it runs the wizard again and then the attacker, if he has managed to get in to your LAN, can change the things in the router etc.

Re: Backdoor found from various Linksys and Netgear routers

Posted: 07 Jan 2014, 18:19
by gaoesa
Some links

http://seclists.org/fulldisclosure/2013/Dec/6

http://seclists.org/fulldisclosure/2013/Nov/205

http://www.h725.co.vu/2013/11/d-link-wh ... h-you.html
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited