Researcher Uncovers Backdoor In DSL Routers
Flaw in DSL routers could give attackers full, unauthenticated administrative access, researcher says
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
A researcher has discovered what he describes as a "backdoor" in DSL routers that could enable attackers to gain administrative access.
In a post on the GitHub site, researcher Eloi Vanderbeken offers a proof of concept showing how he was able to crack his own Linksys DSL router and gain administrative access to a home network without authentication. Subsequent posts indicate that the proof of concept would also work on routers made by other vendors.
The backdoor was found through scans of a little-known port, 32764/TCP, which is now being scanned more broadly, according to the Internet Storm Center (ISC).
"We do see a lot of probes for port 32764/TCP," says ISC's Johannes Ullrich in an online post. "At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network.
"Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs [on Jan. 2]," ISC's post says.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024