Backdoor found from various Linksys and Netgear routers
Posted: 07 Jan 2014, 10:19
# FYI #
Backdoor found which can allow attacker reset router to it's factory defaults and then gain access to the administration panel.
In English: http://www.net-security.org/secworld.php?id=16155
In Finnish: https://www.cert.fi/tietoturvanyt/2014/ ... 31811.html
Exploit in Linksys routers: WAG54G2, WAG120N, WAG160N, WAG200G and WAG320N
Exploit in Netgear routers: DM111Pv2, DGN1000 N150, DGN2000B, DGN3500, DG834G v2, and DG834 v3.
If you have one of these routers, it's recommended to update the firmware of the router if it exists or with work around, close the port 32764 from the firewall while the patched firmware comes available.
Mainly it would need to get access to your home LAN to use this, but referring to the links, it can be used from the internet in certain cases. There are already tool published to use this exploit and some port scanning done from internet side to found vulnerabilities.
Referring to the english version, this bad firmware might be found also from 3Com, Aruba and Belkin routers also. The common thing with these routers is the manufacturer, Sercomm.
Backdoor found which can allow attacker reset router to it's factory defaults and then gain access to the administration panel.
In English: http://www.net-security.org/secworld.php?id=16155
In Finnish: https://www.cert.fi/tietoturvanyt/2014/ ... 31811.html
Exploit in Linksys routers: WAG54G2, WAG120N, WAG160N, WAG200G and WAG320N
Exploit in Netgear routers: DM111Pv2, DGN1000 N150, DGN2000B, DGN3500, DG834G v2, and DG834 v3.
If you have one of these routers, it's recommended to update the firmware of the router if it exists or with work around, close the port 32764 from the firewall while the patched firmware comes available.
Mainly it would need to get access to your home LAN to use this, but referring to the links, it can be used from the internet in certain cases. There are already tool published to use this exploit and some port scanning done from internet side to found vulnerabilities.
Referring to the english version, this bad firmware might be found also from 3Com, Aruba and Belkin routers also. The common thing with these routers is the manufacturer, Sercomm.