Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 2nd January 2014
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default Backdoor in wireless DSL routers lets attacker reset router, get admin

From http://arstechnica.com/security/2014...ter-get-admin/

A hacker has found a backdoor to wireless combination router/DSL modems that could allow an attacker to reset the router’s configuration and gain access to the administrative control panel. The attack, confirmed to work on several Linksys and Netgear DSL modems, exploits an open port accessible over the wireless local network.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 4th January 2014
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
Package Pilot
Join Date: Sep 2008
Location: B.C., Canada
Posts: 217

Thanks for the heads-up. I'm glad I have a Motorolla Cable modem.
Reply With Quote
  #3   (View Single Post)  
Old 5th January 2014
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Posts: 429

I have a NetGear (running ddwrt because the stock image was vulnerable to WPS attacks...it's a WNR2000 v2, which v1 and v3 are openwrt supported, v2 is not). My other WAP is a Buffalo N600 running openwrt (nothing against ddwrt, just wanted to learn another image since I already have ddwrt on the NetGear).

It's really not surprising, given these vendors' "security record".
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 5th January 2014 at 11:30 AM.
Reply With Quote
  #4   (View Single Post)  
Old 6th January 2014
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 828

I could easily be wrong, but my sense is that back door might be there intentionally for service personnel to recover a locked out router? If so, I imagine Linksys et al will not be happy about this report. Although it's also a bit surprising it wasn't already known if this were the case.

I recently got a free used Linksys wireless router and downloaded the latest vendor firmware for it (dd-wrt still to come). As part of the download process you're supposed to read and agree to an EULA. I just skimmed it, but I noticed there was a bit about agreeing not to dis-assemble anything.

I hope the Linksys lawyers won't be going after the hacker. Maybe the fact that there is a vulnerability in their systems, whatever the intent of it, would make that too much of a public relations disaster for them to pursue.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Routing/NAT problem setting up home wireless router on Alix board ritter_k OpenBSD General 11 17th November 2013 08:36 PM
Wireless router with USB port/longest battery life? Emile General Hardware 0 19th March 2011 02:54 PM
router sees my wireless mac addres but I cannot ping it gosha OpenBSD General 7 26th July 2009 10:38 PM
Connecting to wireless router TomAmundsen FreeBSD General 19 25th August 2008 10:14 PM
Wireless Router Compat questions whispersGhost Solaris 11 2nd June 2008 09:16 AM

All times are GMT. The time now is 11:57 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick