Hacking Wireless DSL Routers via Admin Panel Password Reset vulnerability

Saving Wireless DSL Router by Resetting Factory Passwords

Anyone who wants to attack a Netgear or Linksys wireless router has a backdoor available, which allows an attacker to reset the administrator password to the factory default.

Eloi Vanderbeken, a hacker from France, discovered this weakness, which affects a large number of Netgear and Linksys routers.

In a blog post, Eloi mentioned that during the Christmas holidays he forgot the administrator password of his Linksys WAG200G router, and while trying to regain access he scanned the router and found a suspicious open TCP port, 32764.

Looking further into the process running on that port, he downloaded the router's software from the internet and analyzed its code. What he discovered was a hidden backdoor that allowed him to send commands to the router from the command line without being authenticated as an administrator.

He then "blindly" executed some commands, forcing the router to return to factory settings with the default username and password.

The slides, which you can find here, describe this serious weakness in detail. Following their publication, other hackers around the world researched the subject and showed that the devices were made by Sercomm, i.e. Cisco. The entire list of vulnerable devices can be found in his GitHub post; it includes the Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, Linksys WAG54G2, DGN1000 Netgear N150 and many more. Click here to see the list of routers containing the weakness.

The exploit code for this weakness, written in Python, can be downloaded from here.

For this attack to take place, the attacker must be on the same network as the router; at the same time, there are more than 2000 vulnerable routers on the internet, according to Shodan's research, Search-1 & Search-2.
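To check devices you administer for the listener described above, the following added example (not part of the original article and not Eloi's exploit code) tests whether TCP port 32764 accepts connections. The default address 192.168.1.1 is an assumption, and an open port only shows that something is listening there, not that it is the backdoor.

```python
import errno
import socket
import sys

BACKDOOR_PORT = 32764  # TCP port named in the article


def check_port(host, port=BACKDOOR_PORT, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'error' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        # connect_ex returns an errno value instead of raising on failure
        rc = sock.connect_ex((host, port))
    except OSError:
        # e.g. the host name could not be resolved
        return "error"
    finally:
        sock.close()
    if rc == 0:
        return "open"      # something accepted the connection
    if rc == errno.ECONNREFUSED:
        return "closed"    # host answered, nothing is listening
    return "filtered"      # timeout or unreachable: dropped on the way


def audit(hosts, port=BACKDOOR_PORT):
    """Check every host; return (all results, sorted list of hosts with the port open)."""
    results = {host: check_port(host, port) for host in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Assumption: 192.168.1.1 is a common default gateway address;
    # pass the addresses of your own routers as arguments instead.
    targets = sys.argv[1:] or ["192.168.1.1"]
    results, exposed = audit(targets)
    for host, state in results.items():
        print(f"{host}:{BACKDOOR_PORT} {state}")
    if exposed:
        print("Listener found on:", ", ".join(exposed))
        print("Block the port at the firewall and check for a firmware update.")
```

Run it once from inside the LAN against the router's internal address and once from an outside connection against its public address, since the article notes that some routers expose the port to the internet.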

We warmly thank SecTeam @k0w @ lsk1.

Written by Dimitris