Possible link discovered that ties together Wi-Fi routers with backdoors

Share this article:
Possible link discovered that ties together Wi-Fi routers with backdoors
Possible link discovered that ties together Wi-Fi routers with backdoors

A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.

While tinkering around with his Linksys WAG200G wireless router over the 2013 holiday, Eloi Vanderbeken – who recorded his work in an illustrated slideshow – used some reverse engineering and brute force techniques to execute commands against the device. In the end, Vanderbeken learned that he could reset the router's password and access its administration panel.

“I only had one day to test my codes/assumptions, so the following slides are just some random thoughts/observations,” Vanderbeken wrote in his slideshow presentation.

Since posting his initial findings, Vanderbeken has updated his research, confirming that versions of the Cisco WAP4410N-E, Linksys WAG120N, Netgear DG834B, Netgear DGN2000 and Open WAG200 contain internet backdoors – meaning those devices are vulnerable to remote attacks.

Other Wi-Fi routers – including several devices from Cisco, Linksys, Netgear, Diamond and LevelOne – are listed as being vulnerable to attacks for which a user needs to be connected to the local network.

On the website where he has been updating and discussing his research, Vanderbeken linked to an article that targets Sercomm, a manufacturer of networking equipment, as the bond that ties all these devices together.

The link was not working on Monday afternoon and a Sercomm representative could not immediately be reached by SCMagazine.com for comment.

At the end of December 2013, a German newspaper reported that a number of products, including some by Cisco, contained NSA backdoors.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Pennyslvania man sentenced after 'swatting' prank

Pennyslvania man sentenced after 'swatting' prank

David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.

Cisco announces winners of Security Grand Challenge

Cisco unveiled the winners of three Security Grand Challenges and announced a fourth challenge, aimed at women.