The Hacker News

on Saturday, 19 October 2013
 

 

The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers
10/19/2013 9:06:00 AM

Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access.
Recently he published his another researcher, Titled 'From China, With Love', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him China based networking devices and equipments manufacturer - Tenda Technology (www.tenda.cn) also having potential backdoor into their Wireless Routers.
He unpacked the software framework update and locate the httpd binary. He found that the manufacturer is using GoAhead server in router, which has been substantially modified.

These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router.

Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens for incoming messages containing commands to execute. A remote attacker with access to the local network can execute arbitrary commands with root privileges, after access.
He observed that, attacker just need run the following telnet server command on UDP port 7329, in order of root gain access:

echo -ne "w302r_mfg\x00x/bin/busybox telnetd" | nc -q 5 -u 7329 192.168.0.1

Where, "w302r_mfg" is the magic string to get access via backdoor.

Some of the vulnerable routers are W302R and W330R as well as re-branded models, such as the Medialink MWN-WAPR150N. Other Tenda routers are also possibly affected. They all use the same "w302r_mfg" magic packet string.

Nmap NSE script to test for the backdoored routers – tenda-backdoor.nse is also available for penetration testing.
Photo of Mohit Kumar Hacker News - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker. ()

Popular Stories

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)