X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
BID:10095
Info
X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
| Bugtraq ID: | 10095 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2004 12:00AM |
| Updated: | Apr 10 2004 12:00AM |
| Credit: | Discovered by Gergely Risko <[email protected]>. |
| Vulnerable: |
X-Micro WLAN 11b Broadband Router Firmware 1.6 .0.1 X-Micro WLAN 11b Broadband Router Firmware 1.6 .0 X-Micro WLAN 11b Broadband Router Firmware 1.2.2 .4 X-Micro WLAN 11b Broadband Router Firmware 1.2.2 .3 X-Micro WLAN 11b Broadband Router Firmware 1.2.2 |
| Not Vulnerable: | |
Discussion
X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. The account, username and password "super", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device.
**It has been reported that version 1.6.0.1 of WLAN 11b Broadband Router also contains a built-in an administrative account that cannot be disabled. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device.
It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. The account, username and password "super", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device.
**It has been reported that version 1.6.0.1 of WLAN 11b Broadband Router also contains a built-in an administrative account that cannot be disabled. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device.
Exploit / POC
X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
Solution:
Gergely Risko <[email protected]> has developed an unofficial firmware image with the "super" backdoor removed and other bugfixes. A tool to create the image has also been made available. It should be emphasized that this is an unofficial and unsupported modification of the binary firmware made by an individual not related to X-Micro. The files are available at:
http://xmicro.risko.hu/
The firmware image at:
http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
The vendor has released an update to address this issue.
X-Micro WLAN 11b Broadband Router Firmware 1.2.2 .3
X-Micro WLAN 11b Broadband Router Firmware 1.2.2
Solution:
Gergely Risko <[email protected]> has developed an unofficial firmware image with the "super" backdoor removed and other bugfixes. A tool to create the image has also been made available. It should be emphasized that this is an unofficial and unsupported modification of the binary firmware made by an individual not related to X-Micro. The files are available at:
http://xmicro.risko.hu/
The firmware image at:
http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
The vendor has released an update to address this issue.
X-Micro WLAN 11b Broadband Router Firmware 1.2.2 .3
-
X-Micro XWL-11bRRGVer-1.601.exe
http://www.x-micro.com/temp/XWL-11bRRGVer-1.601.exe
X-Micro WLAN 11b Broadband Router Firmware 1.2.2
-
X-Micro XWL-11bRRGVer-1.601.exe
http://www.x-micro.com/temp/XWL-11bRRGVer-1.601.exe
References
X-Micro WLAN 11b Broadband Router Backdoor Administration Account Vulnerability
References:
References:
- http://xmicro.risko.hu/ (Gergely Risko)
- WLAN 11b Broadband Router (X-Micro)
- Backdoor in X-Micro WLAN 11b Broadband Router (RISKO Gergely
) - NEW backdoor in X-Micro WLAN 11b Broadband Router (RISKO Gergely
)