Netcore routers contain backdoor

A password hard-coded in the firmware of some routers made in China (Netcore routers) lets attackers bypass the device's security and gain access in order to execute arbitrary code.

The networking device in question is none other than the machine that sits between your computer and your telephone line. It is marketed in China under the Netcore name, but is also sold in other parts of the world, such as the USA, under the Netis brand.

Researchers at Trend Micro observed that the routers can provide external access through the open UDP port 53413, from any IP address. In addition, the password embedded in the firmware allows logging in to the device.

Mr. Tim Yeh, a security researcher, says that the password cannot be changed and that it gives a way in to any intruder who knows the "secret" string. The same password appears to apply to all Netcore / Netis products.

Caution
In Greece, the Netcore router does not seem to be stocked by one of the distributors, but if you look carefully you will find it on the shelves. So check whether port 53413 is open and, if it is, change it immediately.
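One way to run this check against your own router, as an added example that is not from the article or from Trend Micro: it sends a single harmless byte to UDP 53413 and classifies the result. The address 192.168.1.1 and the names `probe_udp` and `explain` are assumptions; run it from outside your network as well, because the article describes the port as reachable from any IP address.

```python
import socket
import sys

BACKDOOR_PORT = 53413  # UDP port named in the article


def probe_udp(host, port=BACKDOOR_PORT, timeout=2.0, attempts=3, payload=b"\x00"):
    """Send one harmless byte per attempt and classify the UDP port.

    'closed'    : ICMP port-unreachable came back, nothing is listening.
    'responded' : something answered, so a service is listening.
    'no-reply'  : silence; the port is open but quiet, or filtered.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the OS report ICMP errors to us.
        s.connect((host, port))
        for _ in range(attempts):  # UDP and ICMP are lossy, so retry
            try:
                s.send(payload)
                s.recv(2048)
                return "responded"
            except ConnectionRefusedError:
                return "closed"
            except socket.timeout:
                continue
    return "no-reply"


def explain(state):
    """Turn a probe result into advice for the router's owner."""
    return {
        "closed": "Nothing listens on this port from where you tested.",
        "responded": "A service answers on this port: treat the router as exposed.",
        "no-reply": "Inconclusive: silence is not proof the port is closed.",
    }[state]


if __name__ == "__main__":
    # 192.168.1.1 is an assumed default gateway; pass your router's address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    result = probe_udp(target)
    print(f"{target} udp/{BACKDOOR_PORT}: {result}. {explain(result)}")
```

Only `closed` is a conclusive answer; a `no-reply` result from the LAN side says nothing about what the WAN side exposes.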

Mr. Tim Yeh says on the Trend Micro blog: “Almost all Netcore / Netis routers seem to have this vulnerability issue, based on those that were examined. A large number of users affected by the vulnerability seem to be concentrated in China, where experts have identified more than two million IP addresses with the aforementioned UDP port open. However, they also found vulnerable devices in Taiwan, South Korea, Israel and the United States, albeit in much smaller numbers. The risk to users is that cybercriminals aim to upload, download and execute files on the routers. And what this means is that the device will be under the attacker's control, leaving its owner exposed to man-in-the-middle (MITM) attacks. MITM is a technique used by today's sophisticated malware to intercept and read communication between the client and the server, even if it is running over a secure connection.”

It is not very difficult for an attacker to exploit this router defect, as a simple port scan can reveal open UDP ports and therefore who is using such vulnerable devices.

Trend Micro also discovered that the configuration file containing the credentials for the router's web-based console was not protected by any encryption, allowing an attacker to download it.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
