Backdoor Found in Linksys and Netgear

Security researchers found a new backdoor in Linksys WAG200G. The Firmware include a service for remote connection at port 32764 , this allows remote user to get the router configuration settings , including user name , admin password, password for WiFi , etc. the tool been used to reverse the firmware is Binwalk and IDA Pro.

The list of devices with backdoor is increasing and this make users at risk, routers are transmitting all information and traffic and such access may lead to compromising users information.  on Linksys and Netgear the list include:
linksysConfirmed the existence of backdoor

  1. Linksys WAG200G
  2. Netgear DM111Pv2
  3. Linksys WAG320N
  4. Linksys WAG54G2

Possible Backdoor on the firmware:

  1. Netgear DG934
  2. Netgear WPNT834
  3. Netgear WG602, WGR614
  4. Linksys WAG160N, WRVS4400N
  5. all SerComm manufactured devices

Backdoor is not working in:

  1. Netgear WNDR3700
  2. Netgear CG3100
  3. Netgear WGR614v9
  4. Linksys WRT54GS v1.52.8 build 001
  5. Linksys WRT54GL(v1.1) Firmware v4.30.16
  6. Netgear WGR614v3
  7. Netgear WNDR4500

This is not the first time to find that routers firmware include backdoor, A number of D-Link routers reportedly had an issue that makes them susceptible to unauthorized backdoor access in the past. This may reduce the trust in using these routers.

Share
  • bug menot

    Notice something about the ones that have no backdoor? Hint: software