Researcher Uncovers Backdoor In DSL Routers
Flaw in DSL routers could give attackers full, unauthenticated administrative access, researcher says
A researcher has discovered what he describes as a "backdoor" in DSL routers that could enable attackers to gain administrative access.
In a post on the GitHub site, researcher Eloi Vanderbeken offers a proof of concept showing how he was able to crack his own Linksys DSL router and gain administrative access to a home network without authentication. Subsequent posts indicate that the proof of concept would also work on routers made by other vendors.
The backdoor was found through scans of a little-known port, 32764/TCP, which is now being scanned more broadly, according to the Internet Storm Center (ISC).
"We do see a lot of probes for port 32764/TCP," says ISC's Johannes Ullrich in an online post. "At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network.
"Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs [on Jan. 2]," ISC's post says.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024