If you want to break into a Netgear or Linksys wireless router, there is a backdoor available that allows an attacker to reset the administrator password to its factory default.
Eloi Vanderbeken, a hacker from France, discovered this weakness, which affects a large number of Netgear and Linksys routers.
In a blog post, Eloi mentioned that during the Christmas holidays he forgot the password for the administrator page of his Linksys WAG200G router and, in trying to regain access, he scanned the router and found a suspicious open TCP port, 32764.
Continuing his research into the process listening on that port, he downloaded the router's software from the internet and analyzed its source code. What he discovered was a hidden backdoor that allowed him to send commands to the router from the command line without being authenticated as admin.
He then "blindly" executed some commands, forcing the router to return to factory settings with the default username and password.
The slides, which you can find here, give the details of this serious weakness. Following their publication, other hackers around the world conducted research on the subject, which showed that the devices were made by Sercomm, i.e. Cisco. The entire list of vulnerable devices can be found in his GitHub post; it includes the Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, Linksys WAG54G2, DGN1000 Netgear N150 and many more. Click here to see the list of routers containing the weakness.
The exploit code for the weakness, written in Python, can be downloaded from here.
To carry out this attack, the attacker must be on the same network as the router, while there are more than 2000 vulnerable routers on the internet, according to Shodan's research, Search-1 & Search-2.
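To see whether anyone is trying to reach this port on your own routers, the following added example (not code from the original post or from Eloi Vanderbeken) scans firewall logs for new TCP connections to port 32764 and separates sources on the local network from sources on the internet. It assumes logs in the Linux netfilter LOG format and a LAN using RFC 1918 addresses; the sample lines, the host name and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

BACKDOOR_PORT = 32764  # TCP port named in the article
# Assumption: the LAN uses RFC 1918 address space.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Jan  3 10:15:01 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.168.1.1 LEN=60 TTL=52 PROTO=TCP SPT=51544 DPT=32764 WINDOW=29200 SYN
Jan  3 10:15:09 gw kernel: FW IN=eth1 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=32764 WINDOW=29200 SYN
Jan  3 10:16:30 gw kernel: FW IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 LEN=60 TTL=64 PROTO=TCP SPT=40200 DPT=443 WINDOW=29200 SYN
Jan  3 10:17:02 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.168.1.1 LEN=60 TTL=52 PROTO=UDP SPT=51544 DPT=32764 LEN=40
Jan  3 10:18:44 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.168.1.1 LEN=40 TTL=52 PROTO=TCP SPT=51544 DPT=32764 WINDOW=0 ACK
"""

def find_backdoor_probes(log_text, port=BACKDOOR_PORT):
    """Map each destination to the LAN and WAN sources that opened TCP connections to `port`."""
    hits = defaultdict(lambda: {"lan": set(), "wan": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        flags = set(line.split())
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        if "SYN" not in flags or "ACK" in flags:
            continue  # keep only new connection attempts (SYN without ACK)
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = fields["DST"]
        except (KeyError, ValueError):
            continue  # malformed or truncated log line
        origin = "lan" if any(src in net for net in LAN_NETS) else "wan"
        hits[dst][origin].add(str(src))
    return dict(hits)

if __name__ == "__main__":
    for dst, sources in find_backdoor_probes(SAMPLE_LOG).items():
        # A WAN source means the port is reachable from the internet and
        # should be blocked at the perimeter; a LAN source points at a local host.
        print(dst, "LAN:", sorted(sources["lan"]), "WAN:", sorted(sources["wan"]))
```

Any WAN source in the result means the port is being reached from outside and should be filtered at the perimeter firewall; a LAN source identifies an internal host worth investigating.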
We warmly thank SecTeam @k0w @lsk1.