[AusNOG] Port 32764 Remote Admin Vulnerability?
Brad Peczka
brad at bradpeczka.com
Sat Jan 4 02:18:12 EST 2014
Evening all,
This cropped up on my radar this evening: https://github.com/elvanderb/TCP-32764
There's some better coverage in an Ars article here: http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
In a nutshell, it looks like there's an exploit in a range of Consumer and SOHO routers, whereby an unauthenticated administrative interface is listening on port 32764. Some models are only listening on the LAN interface, some models also listen to the WAN interface. On the right model, you can reset the username/password to one of your choosing and enable the remote administration interface.
Would be interesting to see if there's a notable uptick in port scans for this over the coming days... ;-)
Regards,
-Brad.
More information about the AusNOG
mailing list