Home
 » ISP News » 
Sponsored

Consumer Broadband ISP Routers Exposed via New Backdoor Exploit

Tuesday, January 7th, 2014 (1:12 pm) - Score 4,708
security_broadband_isp_routers

Broadband ISP customers that own some models of Cisco, Netgear, Linksys or certain other routers could be vulnerable to a new backdoor exploit that allows a hacker to remotely input their own admin password and possibly gain full access to your network.

The hack, which has been published by Eloi Vanderbeken on Github (note: more details via Hacker News), is increasingly believed to be common among devices that were physically manufactured, on behalf of the big router firms, by Sercomm.

Vanderbeken noted that many of these devices, such as for example Netgear’s DGN2000 and DG834B, appeared to be listening on an undocumented service via TCP port 32764 (note: not all models will listen via this port over the Internet / WAN but some do).

A little reverse engineering later and Vanderbeken found that he could send commands to the router via this port and without needing an administrator’s password. At this stage his access was still limited but it didn’t take him long to figure out how to reset the admin password for full access.

Backdoor confirmed in (LISTENING ON THE INTERNET):

  • Cisco WAP4410N-E 2.0.1.0, 2.0.3.3, 2.0.4.2, 2.0.6.1 (issue 44)
  • Linksys WAG120N (@p_w999)
  • Netgear DG834B V5.01.14 (@domainzero)
  • Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0 (issue 44)
  • OpenWAG200 maybe a little bit TOO open 😉 (issue 49)

Backdoor confirmed in:

The exploit is also believed to be present in a number of other routers, although we’ve only listed the fully confirmed ones above. On some models the simplest solution to this exploit is to create a new Firewall Rule in your router that blocks access to TCP 32764, although it’s noted that this didn’t appear to work on the Cisco RVS4000 and others may share a similar problem.

Leave a Comment
2 Responses
  1. Avatar Johno says:

    Thats it I give up on consumer routers, I’m going to break out the old Pentium 4 from loft and make a router with either PFSense or m0n0wall.
    Going to need a modem that works out of the box but nothing I can’t research.

  2. Avatar Sledgehammer says:

    It would be no fun for the government and hackers if they could not spy on what we all do. Steal our identity, rob us of cash and generally screw up ones pc. I think the time is approaching to give up the internet, then let them try spying on us.

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £22.00
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • Onestream £22.49 (*29.99)
    Avg. Speed 45Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • Plusnet £22.99 (*35.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: £50 Reward Card
  • Vodafone £23.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2768)
  2. FTTP (2746)
  3. FTTC (1783)
  4. Building Digital UK (1740)
  5. Politics (1662)
  6. Openreach (1619)
  7. Business (1429)
  8. FTTH (1340)
  9. Statistics (1240)
  10. Mobile Broadband (1221)
  11. Fibre Optic (1062)
  12. 4G (1052)
  13. Wireless Internet (1020)
  14. Ofcom Regulation (1014)
  15. Virgin Media (1004)
  16. EE (696)
  17. Sky Broadband (668)
  18. Vodafone (666)
  19. TalkTalk (661)
  20. 5G (514)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact