lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <84smfb7rmf.fsf@risko.hu>
Date: Sat, 10 Apr 2004 17:57:28 +0200
From: RISKO Gergely <xmicro@...ko.hu>
To: bugtraq@...urityfocus.com
Subject: Backdoor in X-Micro WLAN 11b Broadband Router


Backdoor in the X-Micro WLAN 11b Broadband Router

FCC ID: RAFXWL-11BRRG
Firmware Version: 1.2.2, 1.2.2.3 (probably others too)
Remote: yes, easily expoitable
Type: administration password, which always works

The following username and password works in every case, even if you
set an other password on the web interface:
Username: super
Password: super

By default the builtin webserver is listening on all network
interfaces (if connected to the internet, then it is accessible from
the internet too). Using the webinterface one can install new
firmware, download the old, view your password, etc., so he can:
 - make your board totally unusable, beyond repair
 - install viruses, trojans, sniffers, etc. in your router
 - get your password for your provider and maybe for your emails.

Possible fixes:
1. Set up portforwarding, and forward port 80, this way from the WAN
   interface an attack is impossible. But be aware, that anyone in your
   local LAN (possible over a wireless connection) can login to your
   router.

2. Upload a fixed firmware. I've made an unofficial (but fixed)
   one. You can download it from
   http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
   This firmware is unofficial. NO WARRANTY.
   This firmware also fix other bugs, for a list see: 
   http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/Changes
   The tool, which used to create the image also released under the
   GPL: http://xmicro.risko.hu/US8181-20040410.tar.gz
   DOCS: http://xmicro.risko.hu/

I don't know that the folks at X-Micro (who built this so nasty
backdoor in this device) when will reply, I bcc'ed this mail to them.
I've chosen not contact with them earlier, because they violated the
GPL seriously, the open source community tried to communicate with
them, but without any positive results. And I'm sure that they know
about this remote backdoor.

Gergely Risko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ