There is a backdoor in Linksys and Netgear wireless routers that can allow attackers to reset the devices’ configuration to factory settings, a researcher said.
French security systems engineer Eloi Vanderbeken found the vulnerability by accident in his own Linksys WAG200G wireless DSL gateway, after deciding to limit the bandwidth used by his holiday guests and realizing he had forgotten the complex username and password combination he chose for accessing the router’s administration panel.
By probing and prodding the device’s firmware, he discovered there was an unknown service listening on network port TCP 32764. The service accepts thirteen types of messages, among which are two that allowed him to peek into the configuration settings, and one that restored the router to its default factory settings.
After he shared the details, attackers across the globe checked which other routers have the same backdoor. As it turned out, there is quite a list on his blog.
The list shows the affected devices have one thing in common: Sercomm made them. Sercomm is a company that builds routers both under its own name and for several other companies, including Linksys and Netgear.
Other companies Sercomm works for are 3Com, Aruba and Belkin.
SANS ISC CTO Johannes Ullrich said that since the revelation of the backdoor’s existence, they have been seeing an increase in probes for port TCP 32764.
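Network owners can look for the same probes in their own firewall logs. The following is an added example, not code from the article or the researcher: it counts inbound TCP connection attempts to port 32764 per source address, assuming Linux netfilter LOG-format lines. The sample lines, the `FW-IN:` prefix and `eth0` as the WAN interface are constructed for illustration.

```python
import re
from collections import Counter

BACKDOOR_PORT = 32764  # TCP port named in the article

# Constructed sample in Linux netfilter LOG-target format (not real traffic).
# The "FW-IN:" prefix and eth0 as the WAN interface are assumptions.
SAMPLE_LOG = """\
Jan  6 10:01:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=32764 RES=0x00 SYN URGP=0
Jan  6 10:01:05 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=32764 RES=0x00 SYN URGP=0
Jan  6 10:02:11 gw kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51820 DPT=32764 RES=0x00 SYN URGP=0
Jan  6 10:02:12 gw kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51821 DPT=80 RES=0x00 SYN URGP=0
Jan  6 10:03:40 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=32764 LEN=40
Jan  6 10:04:00 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.200 DST=203.0.113.10 PROTO=TCP SPT=32764 DPT=51000 RES=0x00 ACK SYN URGP=0
Jan  6 10:05:00 gw kernel: FW-IN: IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=32764 RES=0x00 SYN URGP=0
Jan  6 10:06:00 gw kernel: eth0: link up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def probes_by_source(log_text, port=BACKDOOR_PORT, wan_if="eth0"):
    """Count inbound TCP SYNs (no ACK) to `port` arriving on `wan_if`, per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # TCP flags are logged as bare tokens, e.g. "SYN" or "ACK SYN".
        flags = {tok for tok in line.split() if "=" not in tok}
        if fields.get("IN") != wan_if or fields.get("PROTO") != "TCP":
            continue  # not from the WAN side, not TCP, or not a packet log line
        if fields.get("DPT") != str(port):
            continue  # different destination port (source port 32764 is not a probe)
        if "SYN" in flags and "ACK" not in flags and "SRC" in fields:
            hits[fields["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{src}\t{count} connection attempt(s) to TCP {BACKDOOR_PORT}")
```

Passing a different `wan_if` (for example the LAN bridge) reports internal hosts that try the same port.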