Jump to content
aelius

Hacking Wireless DSL routers via Administrative password Reset Vulnerability

Recommended Posts

Posted

In a blog post, Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764.

To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator.

Then he tried to Brute-force the login available at that port, but doing so flips the router's configuration back to factory settings with default router administration username and password.

'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'

He described the complete details of this Serious vulnerability in above slides. After his post, other hackers around the world did further research, that shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well.

Source: Hacking Wireless DSL routers via Administrative password Reset Vulnerability

The Python based exploit script can be downloaded from here: https://github.com/elvanderb/TCP-32764

The Complete List of vulnerable devices can be found here: https://github.com/elvanderb/TCP-32764/blob/master/README.md

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...