| Filename | Hacking Wireless DSL routers via Administrative password Reset Vulnerability |
| Permission | rw-r--r-- |
| Author | Unknown |
| Date and Time | 1/05/2014 |
| Label | Cyber News| Penetration |
| Action |
Ethical Hacking Institute in Pune
./Arizona Team
If you want to hack a Netgear and Linkys Wireless Routers, there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults.
Eloi Vanderbeken, a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in many Netgear and Linkys Routers.
In a blog post, Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764.
To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator.
Then he tried to Brute-force the login available at that port, but doing so flips the router's configuration back to factory settings with default router administration username and password.
'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'
He described the complete details of this Serious vulnerability in above slides. After his post, other hackers around the world did further research, that shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well. The Complete List of vulnerable devices is available at his GitHub post i.e. Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, Linksys WAG54G2, DGN1000 Netgear N150 and many more.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
./Arizona Team
If you want to hack a Netgear and Linkys Wireless Routers, there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults.
Eloi Vanderbeken, a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in many Netgear and Linkys Routers.
In a blog post, Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764.
To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator.
Then he tried to Brute-force the login available at that port, but doing so flips the router's configuration back to factory settings with default router administration username and password.
'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'
He described the complete details of this Serious vulnerability in above slides. After his post, other hackers around the world did further research, that shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well. The Complete List of vulnerable devices is available at his GitHub post i.e. Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, Linksys WAG54G2, DGN1000 Netgear N150 and many more.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune