Backdoor in Linksys and Netgear routers
Not so long ago, they found a backdoor in D-Link , Tenda and Medialink routers, and 2 days ago, a github user under the nickname elvanderb lost access to the web interface of his router and decided to check what happened.
As it turned out , on some models of Linksys and Netgear routers (confirmed by Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, and possibly others) also have a built-in backdoor, with more features than other manufacturers of routers.
Backdoor listens on TCP port 32764 and has 13 different functions. :
Read more about this backdoor in the fun PDF of the author.
As it turned out , on some models of Linksys and Netgear routers (confirmed by Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, and possibly others) also have a built-in backdoor, with more features than other manufacturers of routers.
Backdoor listens on TCP port 32764 and has 13 different functions. :
- Download NVRAM
- Get specific NVRAM parameter
- Set NVRAM parameter
- Write to NVRAM (nvram-commit)
- Enable Wireless Bridge Mode
- Show connection speed
- Shell
- Upload file
- Show firmware version
- Show IP on WAN interface
- Reset to factory settings
- Read / dev / mtdblock / 0 (bootloader?)
- Overwrite NVRAM
Read more about this backdoor in the fun PDF of the author.
')
Source: https://habr.com/ru/post/208014/
All Articles