Possible link discovered that ties together Wi-Fi routers with backdoors

Share this article:
Possible link discovered that ties together Wi-Fi routers with backdoors
Possible link discovered that ties together Wi-Fi routers with backdoors

A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.

While tinkering around with his Linksys WAG200G wireless router over the 2013 holiday, Eloi Vanderbeken – who recorded his work in an illustrated slideshow – used some reverse engineering and brute force techniques to execute commands against the device. In the end, Vanderbeken learned that he could reset the router's password and access its administration panel.

“I only had one day to test my codes/assumptions, so the following slides are just some random thoughts/observations,” Vanderbeken wrote in his slideshow presentation.

Since posting his initial findings, Vanderbeken has updated his research, confirming that versions of the Cisco WAP4410N-E, Linksys WAG120N, Netgear DG834B, Netgear DGN2000 and Open WAG200 contain internet backdoors – meaning those devices are vulnerable to remote attacks.

Other Wi-Fi routers – including several devices from Cisco, Linksys, Netgear, Diamond and LevelOne – are listed as being vulnerable to attacks for which a user needs to be connected to the local network.

On the website where he has been updating and discussing his research, Vanderbeken linked to an article that targets Sercomm, a manufacturer of networking equipment, as the bond that ties all these devices together.

The link was not working on Monday afternoon and a Sercomm representative could not immediately be reached by SCMagazine.com for comment.

At the end of December 2013, a German newspaper reported that a number of products, including some by Cisco, contained NSA backdoors.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.