Broadband users seem to know a cheat , if a device is connected to the Internet , then you do not enable any type of remote access features on the device . However , github ‘s Eloi Vanderbeken released a means of attack, the device can be re- placed in the factory default state , no password achieve the purpose of remote attacks.
Vanderbeken noted that Cisco devices ( including Cisco and Linksys brand , which has switched to Belkin name ), Netgear, Diamond, LevelOne and OpenWAG devices exist thereafter door. It is a fitting introduction HackerNews ( Hacker News ) on a common flaw with these devices is that they are custom offered by Sercomm.
Vanderbeken when accessing a Linksys WAG200G own devices forgotten your password, he found the device listens on port 32764 . The listening port service manual does not mention in the document , but there are others mentioned it . He said he made the device firmware MIPS code reverse engineering analysis , to find a way to authenticate without administrator can send commands to the device .
His practice, the use of exhaustive (Brute-force) method , without a password reset the device to factory settings, to say the next time you log in , he would have access to any function of the device .
Vanderbeken written in Python proof of concept code, the code can also report the existence of this vulnerability equipment .
Reporters found that at least this vulnerability attacks can not be carried out in secret : because if someone attacks against routers running the code , reset to the default router password, so that at least someone will remind the victim of the equipment moving the hands and feet .