Backdoor on Linksys and Netgear Routers
Not so long ago, we found a backdoor in D-Link, Tenda and Medialink routers. Then, 2 days ago, a GitHub user with the nickname elvanderb lost access to the web interface of his router and decided to check what had happened.
As it turned out, some models of Linksys and Netgear routers (confirmed on Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, and possibly others) also have a built-in backdoor, with more features than those found in other manufacturers' routers.
The backdoor listens on TCP port 32764 and has 13 different functions:
- Dump NVRAM
- Get a specific NVRAM parameter
- Set NVRAM
- Write to NVRAM (nvram-commit)
- Enable Wireless Bridge
- Show connection speed
- Shell
- Upload file
- Show firmware version
- Show IP on the WAN interface
- Restore factory settings
- Read /dev/mtdblock/0 (bootloader?)
- Overwrite NVRAM
You can read more about this backdoor in the author’s fun PDF.