Backdoor Found in Routers

Friday, January 3, 2014 @ 04:01 PM gHale

There is a backdoor in Linksys and Netgear wireless routers that can allow attackers to reset the devices’ configuration to factory settings, a researcher said.

French security systems engineer Eloi Vanderbeken found the vulnerability by accident in his own Linksys WAG200G wireless DSL gateway, after deciding to limit the bandwidth used by his holiday guests and realizing he had forgotten the complex username and password combination he chose for accessing the router’s administration panel.

By probing and prodding the device’s firmware, he discovered there was an unknown service listening on network port TCP 32764. The service accepts thirteen types of messages, among which are two that allowed him to peek into the configuration settings, and one that restored the router to its default factory settings.

After he shared the details, attackers across the globe checked what other routers have the same backdoor. As it turned out, there is quite a list on his blog.

The list shows the affected devices have one thing in common: Sercomm made them. Sercomm is a company that builds routers both under its own name and for several other companies, including Linksys and Netgear.

Other companies Sercomm works for are 3Com, Aruba and Belkin.

SANS ISC CTO Johannes Ullrich said that since the existence of the backdoor was revealed, they have been seeing an increase in probes for port TCP 32764.
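Probes of the kind SANS ISC describes can be counted from a perimeter firewall's own logs. The following is an added example, not code from the article or the researcher; it assumes Linux netfilter LOG-format lines, and the sample lines, hostnames and addresses are constructed.

```python
import re

BACKDOOR_PORT = 32764  # TCP port named in the article
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (documentation-range addresses), netfilter LOG style.
SAMPLE_LOG = """\
Jan  3 10:01:12 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41022 DPT=32764 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  3 10:01:15 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP SPT=41023 DPT=32764 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  3 10:02:40 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=50311 DPT=32764 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  3 10:03:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=50312 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  3 10:03:09 gw kernel: IN=eth0 OUT= SRC=192.0.2.90 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=32764 LEN=20
Jan  3 10:04:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41022 DPT=32764 WINDOW=0 RES=0x00 RST URGP=0
"""


def parse_line(line):
    """Split one log line into KEY=VALUE fields and the set of bare TCP flags."""
    fields = dict(FIELD.findall(line))
    flags = set(line.split()) & {"SYN", "ACK", "RST", "FIN"}
    return fields, flags


def probes_by_source(log_text, port=BACKDOOR_PORT):
    """Return {source_ip: {"syns": n, "targets": [dst, ...]}} for new TCP
    connection attempts (SYN without ACK) aimed at the given port."""
    result = {}
    for line in log_text.splitlines():
        fields, flags = parse_line(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue  # other protocol or other port
        if "SYN" not in flags or "ACK" in flags:
            continue  # not the opening packet of a connection attempt
        entry = result.setdefault(fields["SRC"], {"syns": 0, "targets": set()})
        entry["syns"] += 1
        entry["targets"].add(fields["DST"])
    for entry in result.values():
        entry["targets"] = sorted(entry["targets"])
    return result


if __name__ == "__main__":
    for src, info in sorted(probes_by_source(SAMPLE_LOG).items()):
        print(f"{src}: {info['syns']} SYN(s) to TCP {BACKDOOR_PORT} "
              f"against {', '.join(info['targets'])}")
```

A source that sends SYNs to the port across several destination addresses, as the first sample source does, is sweeping the range rather than talking to one host.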
