Backdoors in your wireless DSL routers could pose risk

Tools

A hacker tinkering with his home router found a backdoor that could allow an attacker to reset its configuration and gain access to its administrative control panel. Though Eloi Vanderbeken initially tested on his family's Linksys WAG200G, more than two dozen device models from Cisco, Linksys and Netgear--among others--were added to the list as others confirmed the flaw on devices they own.

At the moment, the common denominator appears to affect wireless routers with DSL that were manufactured by SerComm. So far, SerComm devices from various vendors have been pegged vulnerable, including all SerComm devices. The fact that many other models of wireless routers from the same brands (other than SerComm) are listed as not being affected by the vulnerability makes it seem an unauthorized addition by a rogue developer.

The problem is serious as it could be exploited on the Internet-facing side in some cases, opening the door to a nasty remote exploit. Full details, including all known affected models and an illustrated PDF file of how Vanderbeken stumbled on the flaw can be found here.

To help identify the problem, Martin Brinkmann of Ghacks wrote a primer on how to determine if your router is listening on the undocumented port 32764. He also outlined some suggested fixes; including setting a rule in the firewall, installing a third-party open source firmware and simply purchasing a router that isn't affected by the vulnerability.

The Fierce Take: It was reported in December that a number of firewall products from Cisco and Huawei have NSA backdoors built-in. Even as there is no evidence pointing back to NSA in this instance, it now behooves IT security managers not to assume that key networking devices and even security appliances like firewall are automatically free of backdoors, whether it is by accident or by malicious design.

For more:
- check out this article at SC Magazine

Related Articles:
Serious security flaw found in firmware of multiple D-Link routers
Cisco confirms flaw in Linksys WRT54GL wireless router