Variety of DSL modems keep the back door
Posted: 15 January 2014 03:18 AM

Broadband users seem to know one trick: if a device is connected to the Internet, you do not enable any type of remote access feature on it. However, GitHub's Eloi Vanderbeken has released a means of attack by which a device can be put back into its factory default state, achieving a remote attack without a password.

Vanderbeken noted that Cisco devices (including the Cisco and Linksys brands, the latter of which has switched to the Belkin name), as well as Netgear, Diamond, LevelOne and OpenWAG devices, have this back door. According to a post on Hacker News, what these flawed devices have in common is that they are custom products supplied by Sercomm.

When Vanderbeken tried to access his own Linksys WAG200G after forgetting the password, he found that the device listens on port 32764. The service listening on this port is not mentioned in the manual, but other people have mentioned it. He said he reverse engineered the MIPS code of the device firmware and found a way to send commands to the device without authenticating as an administrator.

His approach was to use an exhaustive (brute-force) method to reset the device to factory settings without a password, which means that the next time he logged in he would have access to any function of the device.

Vanderbeken has written proof-of-concept code in Python; the code can also report whether a device has this vulnerability.

Reporters found that this attack, at least, cannot be carried out in secret: if someone runs the code against a router, the router's password is reset to the default, so the victim will at least be alerted that someone has tampered with the equipment.
