BugTraq
Re: Backdoor in X-Micro WLAN 11b Broadband Router
Apr 16 2004 02:35PM
Mariano Firpo (marianofirpo x-micro com)
(1 replies)
In-Reply-To: <84smfb7rmf.fsf (at) risko (dot) hu>
X-Micro Support Team:
1- The backdoor has been solved with the latest Firmware 1.601.
2- Please do not upgrade the Firmware with unofficial releases because this will void the warranty.
3- Thanks for posting this security issue.
Warm Regards,
X-Micro Support Dep.
Tel: 886-2-8226-2727
Fax: 886-2-8226-2828
======================================
X-Micro Technology Corp.
Plug & Fly
Web site: http://www.x-micro.com
Email: support (at) x-micro (dot) com
Address: 13F-4, No.738, Chung Cheng Road,
Chung Ho City, Taipei Hsien, Taiwan 235, R.O.C
========================================================================
>From: RISKO Gergely <xmicro (at) risko (dot) hu>
>Subject: Backdoor in X-Micro WLAN 11b Broadband Router
>Date: Sat, 10 Apr 2004 17:57:28 +0200
>
>Backdoor in the X-Micro WLAN 11b Broadband Router
>
>FCC ID: RAFXWL-11BRRG
>Firmware Version: 1.2.2, 1.2.2.3 (probably others too)
>Remote: yes, easily exploitable
>Type: administration password, which always works
>
>The following username and password work in every case, even if you
>set another password on the web interface:
>Username: super
>Password: super
>
>By default the builtin webserver is listening on all network
>interfaces (if connected to the internet, then it is accessible from
>the internet too). Using the webinterface one can install new
>firmware, download the old, view your password, etc., so he can:
> - make your board totally unusable, beyond repair
> - install viruses, trojans, sniffers, etc. in your router
> - get your password for your provider and maybe for your emails.
>
>Possible fixes:
>1. Set up port forwarding, and forward port 80; this way an attack from
> the WAN interface is impossible. But be aware that anyone in your
> local LAN (possibly over a wireless connection) can log in to your
> router.
>
>2. Upload a fixed firmware. I've made an unofficial (but fixed)
> one. You can download it from
> http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
> This firmware is unofficial. NO WARRANTY.
> This firmware also fixes other bugs; for a list see:
> http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/Changes
> The tool which was used to create the image is also released under the
> GPL: http://xmicro.risko.hu/US8181-20040410.tar.gz
> DOCS: http://xmicro.risko.hu/
>
>I don't know when the folks at X-Micro (who built such a nasty
>backdoor into this device) will reply; I bcc'ed this mail to them.
>I've chosen not to contact them earlier, because they violated the
>GPL seriously; the open source community tried to communicate with
>them, but without any positive results. And I'm sure that they know
>about this remote backdoor.
>
>Gergely Risko
>
>
NEW backdoor in X-Micro WLAN 11b Broadband Router
Apr 16 2004 09:35PM
RISKO Gergely (xmicro risko hu)