Incident Response, TDR, Vulnerability Management

Researchers warn of backdoor in Netis, Netcore routers

Routers by Netcore, a vendor in China, are impacted by a backdoor which could allow attackers to run malicious code on the devices, researchers revealed.

While the backdoor primarily impacts consumers in China, the devices are also distributed under the Netis brand name outside of the country, including South Korea, Taiwan, Israel and United States, Trend Micro threat researcher Tim Yeh said Monday.

In the blog post, Yeh wrote that the backdoor stemmed from an open UDP port, which was accessible from the WAN side of the router. “This means that if the router in question has an externally accessible IP address…an attacker from anywhere on the internet can access this backdoor,” Yeh said.

The only thing safeguarding the backdoor from attackers, Yeh added, was a single, hardcoded password located in the router's firmware. Users can determine whether their router is impacted here.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.