Message-ID: <20040416143549.24135.qmail@www.securityfocus.com>
Date: 16 Apr 2004 14:35:49 -0000
From: Mariano Firpo <marianofirpo@...icro.com>
To: bugtraq@...urityfocus.com
Subject: Re: Backdoor in X-Micro WLAN 11b Broadband Router
In-Reply-To: <84smfb7rmf.fsf@...ko.hu>

X-Micro Support Team:
1- The backdoor has been solved with the latest Firmware 1.601.
2- Please do not upgrade the Firmware with unofficial releases because this will void the warranty.
3- Thanks for posting this security issue.
Warm Regards,
X-Micro Support Dep.
Tel: 886-2-8226-2727
Fax: 886-2-8226-2828
======================================
X-Micro Technology Corp.
Plug & Fly
Web site: http://www.x-micro.com
Email: support@...icro.com
Address: 13F-4, No.738, Chung Cheng Road,
Chung Ho City, Taipei Hsien, Taiwan 235, R.O.C
========================================================================
>From: RISKO Gergely <xmicro@...ko.hu>
>Subject: Backdoor in X-Micro WLAN 11b Broadband Router
>Date: Sat, 10 Apr 2004 17:57:28 +0200
>Message-ID: <84smfb7rmf.fsf@...ko.hu>
>
>Backdoor in the X-Micro WLAN 11b Broadband Router
>
>FCC ID: RAFXWL-11BRRG
>Firmware Version: 1.2.2, 1.2.2.3 (probably others too)
>Remote: yes, easily exploitable
>Type: administration password, which always works
>
>The following username and password works in every case, even if you
>set another password on the web interface:
>Username: super
>Password: super
>
>By default the built-in webserver is listening on all network
>interfaces (if connected to the internet, then it is accessible from
>the internet too). Using the web interface one can install new
>firmware, download the old, view your password, etc., so he can:
> - make your board totally unusable, beyond repair
> - install viruses, trojans, sniffers, etc. in your router
> - get your password for your provider and maybe for your emails.
>
>Possible fixes:
>1. Set up port forwarding, and forward port 80; this way an attack from
>   the WAN interface is impossible. But be aware that anyone in your
>   local LAN (possibly over a wireless connection) can log in to your
>   router.
>
>2. Upload a fixed firmware. I've made an unofficial (but fixed)
> one. You can download it from
> http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
> This firmware is unofficial. NO WARRANTY.
> This firmware also fixes other bugs; for a list see:
> http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/Changes
> The tool which was used to create the image is also released under the
> GPL: http://xmicro.risko.hu/US8181-20040410.tar.gz
> DOCS: http://xmicro.risko.hu/
>
>I don't know when the folks at X-Micro (who built such a nasty
>backdoor into this device) will reply; I bcc'ed this mail to them.
>I chose not to contact them earlier, because they violated the
>GPL seriously; the open source community tried to communicate with
>them, but without any positive results. And I'm sure that they know
>about this remote backdoor.
>
>Gergely Risko
>
>