Consumer Broadband ISP Routers Exposed via New Backdoor Exploit (Netgear, Linksys, Cisco & others)

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,766
I forgot to post about this several days ago when the news broke. Thanks go to ISPReview for reminding me.

Backdoor confirmed in (LISTENING ON THE INTERNET):

  • Cisco WAP4410N-E 2.0.1.0, 2.0.3.3, 2.0.4.2, 2.0.6.1 (issue 44)
  • Linksys WAG120N (@p_w999)
  • Netgear DG834B V5.01.14 (@domainzero)
  • Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0 (issue 44)
  • OpenWAG200 maybe a little bit TOO open ;) (issue 49)

Backdoor confirmed in:

  • Cisco RVS4000 fwv 2.0.3.2 (issue 57)
  • Cisco WAP4410N (issue 11)
  • Cisco WRVS4400N
  • Cisco WRVS4400N (issue 36)
  • Diamond DSL642WLG / SerComm IP806Gx v2 TI (https://news.ycombinator.com/item?id=6998682)
  • LevelOne WBR3460B (http://www.securityfocus.com/archive/101/507219/30/0/threaded)
  • Linksys RVS4000 Firmware V1.3.3.5 (issue 55)
  • Linksys WAG120N (issue 58)
  • Linksys WAG160n v1 and v2 (@xxchinasaurxx @saltspork)
  • Linksys WAG200G
  • Linksys WAG320N (http://zaufanatrzeciastrona.pl/post...-ruterach-linksysa-i-prawdopodobnie-netgeara/)
  • Linksys WAG54G2 (@_xistence)
  • Linksys WAG54GS (@henkka7)
  • Linksys WRT350N v2 fw 2.00.19 (issue 39)
  • Linksys WRT300N fw 2.00.17 (issue 34)
  • Netgear DG834[∅, GB, N, PN, GT] version < 5 (issue 19 & issue 25 & issue 62 & jd & Burn2 Dev)
  • Netgear DGN1000 (don’t know if there is a difference with the other N150 ones… issue 27)
  • Netgear DGN1000 N150 (issue 3)
  • Netgear DGN2000B (issue 26)
  • Netgear DGN3500 (issue 13)
  • Netgear DGND3300 (issue 56)
  • Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR (issue 59)
  • Netgear DM111Pv2 (@eguaj)
  • Netgear JNR3210 (issue 37)


http://www.ispreview.co.uk/index.ph...routers-exposed-via-new-backdoor-exploit.html
https://github.com/elvanderb/TCP-32764
 
Soldato
Joined
10 Jun 2005
Posts
2,605
Thanks for the heads up. Gives me a reason to upgrade if a manual firewall rule isn't enough.

Wonder if Asus DSL-n55u and n66u are affected?
 
Associate
Joined
16 Aug 2011
Posts
1,530
Location
Ireland
Probing my port eh - result -

Port - 32764
Status - Stealth
Protocol and Application -Unknown Protocol for this port
Unknown Application for this port

BT Hub 3.0 Version A
 
Associate
Joined
16 Aug 2011
Posts
1,530
Location
Ireland
Same on BT Home Hub 5 (Type A).

Good to know this - getting the Hub 5 on Tuesday myself. Just curious, are you making use of the ac/5GHz, and if so what adapter are you using and what are your thoughts on it? Thanks :)

@thenewoc - you could always disable Kaspersky for just a few seconds and retry the test, to see if it's the Technicolor or the antivirus :)
 
Soldato
Joined
10 Jun 2005
Posts
2,605
Had a disconnection from router so checked logs and found these two entries that relate to a custom firewall rule I made after this news story.

Tue, 2014-06-03 18:55:45 - TCP Packet - Source:*****,***** Destination:*****,32764 - [backdoor rule match]
Tue, 2014-06-03 19:21:46 - TCP Packet - Source:******,***** Destination:*****,32764 - [backdoor rule match]

Looks like time to shop for a replacement modem router?
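
The router log lines quoted in the post above can be summarised per source address to see who keeps knocking on port 32764. This is an added example, not part of the original thread or any vendor tooling; it assumes the log layout shown in that post, and the sample addresses, the `telnet rule match` tag and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

BACKDOOR_PORT = 32764  # TCP port named in the thread
# Layout of the router log lines quoted in the post above (assumed fixed).
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[^,]+),(?P<sport>[^ ]+) "
    r"Destination:(?P<dst>[^,]+),(?P<dport>\d+) - "
    r"\[(?P<rule>[^\]]*)\]$"
)
# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Tue, 2014-06-03 18:55:45 - TCP Packet - Source:198.51.100.7,40112 Destination:203.0.113.20,32764 - [backdoor rule match]
Tue, 2014-06-03 19:02:10 - TCP Packet - Source:192.0.2.44,51515 Destination:203.0.113.20,23 - [telnet rule match]
Tue, 2014-06-03 19:21:46 - TCP Packet - Source:198.51.100.7,40391 Destination:203.0.113.20,32764 - [backdoor rule match]
Tue, 2014-06-03 19:30:00 - UDP Packet - Source:192.0.2.44,5353 Destination:203.0.113.20,32764 - [backdoor rule match]
Wed, 2014-06-04 02:14:09 - TCP Packet - Source:192.0.2.99,33001 Destination:203.0.113.20,32764 - [backdoor rule match]
this line is truncated - TCP Packet - Source:
"""

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unknown layout: caller decides what to do
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["dport"] = int(rec["dport"])
    return rec

def backdoor_probes(log_text, port=BACKDOOR_PORT):
    """Group logged TCP packets to `port` by source: (count, first, last)."""
    hits, skipped = defaultdict(list), 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # malformed line: count it, never guess its fields
        elif rec["proto"] == "TCP" and rec["dport"] == port:
            hits[rec["src"]].append(rec["ts"])
    summary = {s: (len(t), min(t), max(t)) for s, t in hits.items()}
    return summary, skipped

if __name__ == "__main__":
    summary, skipped = backdoor_probes(SAMPLE_LOG)
    for src, (n, first, last) in sorted(summary.items()):
        print(f"{src}: {n} hit(s), first {first}, last {last}")
    print(f"unparsed lines: {skipped}")
```

A source that reappears across hours or days is the pattern worth noting; the count of unparsed lines shows whether the log layout has drifted from what the parser expects.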
 
Soldato
Joined
11 Oct 2009
Posts
16,536
Location
Greater London
Probing my port eh - result -

Port - 32764
Status - Stealth
Protocol and Application -Unknown Protocol for this port
Unknown Application for this port

BT Hub 3.0 Version A

Same on my Asus RT-N53... are you all using the white modem with BT Infinity by any chance?

And I don't really understand what this result means... does that mean I'm safe?
 
Soldato
Joined
10 Jun 2005
Posts
2,605
The above was from a Netgear DG834G V2.

Probably only know of packets sent as I made a firewall rule when the backdoor was first reported. Hopefully it won't get bypassed.
 