Hardcoded Password Opens Router Backdoor

Wednesday, August 27, 2014 @ 03:08 PM gHale

Some routers manufactured in China have a password planted in the firmware, which grants the opportunity to bypass device security and access it in order to run arbitrary code.

The networking equipment sold in the U.S. and other parts of the world sells under the Netis brand and in China as Netcore.

Attacks Drop as NTP Servers Patched
DHS Contractor Suffers Breach
1.2B Credentials Stolen from Sites
Solar Companies Under Attack

Researchers at Trend Micro said if they provide external access, they can gain access to the devices through open UDP port number 53413, from any IP address.

Moreover, a password hardcoded in the firmware permits logging into the device. The passcode cannot end up changed, essentially offering a way in to any attacker who knows the “secret” string, said Trend Micro Threat Researcher Tim Yeh.

It appears the same password ends up used for all Netcore/Netis products. “Almost all Netcore/Netis routers appear to have this vulnerability, based on the information we examined,” said Yeh on the Trend Micro blog.

Users affected by the vulnerability appear to be in China, where the experts detected more than two million IP addresses with the aforementioned UDP port open.

However, they also found vulnerable devices in Taiwan, South Korea, Israel and the United States, albeit in smaller amounts.

The risk run by users is cybercriminals targeting them can upload, download and run files on their routers. What this means is the device is under the attacker’s control, leaving its owner exposed to man-in-the-middle (MitM) attacks.

Trend Micro also discovered the configuration file containing the credentials for the web-based administration console on the router has no encryption protection, allowing an attacker to download it.

“Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices,” Yeh said.

Leave a Reply

You must be logged in to post a comment.