Netgear Hides Router Backdoor Instead of Fixing It

by
in security on (#3J8)
A very recent firmware analysis from the reverse engineer Eloi Vanderbeken shows that NETGEAR didn't fix the backdoor on port 32764 but instead implemented a knocking feature that is now required to unlock the service.

Summary from the slides: The knocking feature is triggered when a packet with "packet type == 0x201" arrives at "ft_tool", which listens for Ethernet packets. It only works with EtherType 0x8888, and the payload has to be "45d1bb339b07a6618b2114dbc0d7783e", which is the MD5 hash of the model number DGN1000. If such a packet arrives, the backdoor service /usr/bin/scfgmgr -f is launched.

Ars Technica reports:
The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbeken asserted in his presentation.

(Cross posted on Soylentnews)
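
A defender-side sketch of the frame check described in the summary, added here and not taken from the slides or the firmware: it classifies raw Ethernet frames captured on the LAN. The page does not give the position or byte order of the packet-type field or the encoding of the hash, so the code assumes nothing about layout and searches the whole payload; the function names and sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_KNOCK = 0x8888  # EtherType named in the summary
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag, skipped when present
PACKET_TYPE = 0x0201      # "packet type == 0x201"
MODEL_MD5_HEX = "45d1bb339b07a6618b2114dbc0d7783e"  # value quoted in the summary
MODEL_MD5_RAW = bytes.fromhex(MODEL_MD5_HEX)


def classify_frame(frame: bytes) -> str:
    """Return 'ignore', 'suspicious' or 'knock' for one raw Ethernet frame."""
    if len(frame) < 14:
        return "ignore"  # truncated Ethernet header
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while ethertype == ETHERTYPE_VLAN:  # walk past stacked VLAN tags
        if len(frame) < offset + 4:
            return "ignore"
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != ETHERTYPE_KNOCK:
        return "ignore"
    payload = frame[offset:]
    # Assumption: field offsets are unknown, so look for the hash (raw bytes
    # or ASCII hex) and the packet type (either byte order) anywhere.
    has_hash = MODEL_MD5_RAW in payload or MODEL_MD5_HEX.encode() in payload.lower()
    has_type = (struct.pack("!H", PACKET_TYPE) in payload
                or struct.pack("<H", PACKET_TYPE) in payload)
    # Any 0x8888 frame is unusual on a home LAN; hash plus type is a match.
    return "knock" if has_hash and has_type else "suspicious"


def build_frame(ethertype: int, payload: bytes, vlan: bool = False) -> bytes:
    """Build a constructed test frame (broadcast dst, locally administered src)."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan:
        header += struct.pack("!HH", ETHERTYPE_VLAN, 10)
    return header + struct.pack("!H", ethertype) + payload


# Constructed samples; the payload layout here is illustrative only.
KNOCK_PAYLOAD = struct.pack("!H", PACKET_TYPE) + MODEL_MD5_HEX.encode()
SAMPLES = {
    "arp": build_frame(0x0806, b"\x00" * 28),
    "other_8888": build_frame(ETHERTYPE_KNOCK, b"\x00" * 46),
    "knock": build_frame(ETHERTYPE_KNOCK, KNOCK_PAYLOAD),
    "knock_vlan": build_frame(ETHERTYPE_KNOCK, KNOCK_PAYLOAD, vlan=True),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:12s} {classify_frame(frame)}")
```
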

Re: Okay (Score: 1, Interesting)

by Anonymous Coward on 2014-04-24 01:47 (#15J)

http://orp1.com/
Try the ORP1