HackDig : Dig high-quality web security articles for hacker

Hardcoded Password in Netis, Netcore Routers Offers Backdoor to Devices

2014-08-26 07:20
A password planted in the firmware of some routers manufactured in China offers attackers the possibility to bypass device security and access it in order to run arbitrary code.

The networking equipment goes by the name of Netcore in China, but it is also sold in other parts of the world, the US included, under the Netis brand.

Researchers at Trend Micro have observed that if they provide external access, the devices can be accessed through open UDP port number 53413, from any IP address.

Moreover, a password hardcoded in the firmware permits logging into the device. Tim Yeh, threat researcher at the security firm, says that the passcode cannot be changed, essentially offering a way in to any attacker who knows the “secret” string.

It appears that the same password is used for all Netcore/Netis products. “Almost all Netcore/Netis routers appear to have this vulnerability, based on the information we examined,” writes Yeh on the company blog.

A large number of the users affected by the vulnerability seem to be concentrated in China, where the experts detected more than two million IP addresses with the aforementioned UDP port open.

However, they also found vulnerable devices in Taiwan, South Korea, Israel and the United States, although in much smaller numbers.

The risk run by the users is that cybercriminals targeting them can upload, download and run files on their routers. What this means is that the device is under the attacker’s control, leaving its owner exposed to man-in-the-middle (MitM) attacks.

MitM is a technique used by more sophisticated malware to intercept and read communication between the client and the server, even if it is run through a secure connection. Basically, the threat actor interposes between the two communicating parties, with little signs of suspicion, which are often disregarded by the user.

Exploiting this flaw is not too difficult, as a simple port scan can reveal the open UDP ports to anyone using such an online tool.

Trend Micro also discovered that the configuration file containing the credentials for the web-based administration console on the router was provided with no encryption protection, allowing an attacker to download it.

“Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices,” advises Yeh. 


Source: eciveD-ot-roodkcaB-sreffO-sretuoR-erocteN-siteN-ni-drowssaP-dedocdraH/swen/moc.aideptfos.swen

Read:3559 | Comments:0 | Tags:Security

“Hardcoded Password in Netis, Netcore Routers Offers Backdoor to Devices”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud