PDA

View Full Version : Backdoor found in many consumer routers and WAPs (Port 32764 vulnerability)



JemFevzi
08-02-2015,
A bit worrying... This chap seems to have found that a number of (mainly consumer grade) routers and wireless access points have a process listening on port 32764/tcp. He has published a proof of concept that allows unauthenticated attackers to reset the router to default settings.

https://github.com/elvanderb/TCP-32764

The post is techincal quite technical in places, and it is difficult, at least a first glance to build an idea of exactly where this fits of the scale of "bad".... to "very bad".... through "extremly bad" or even "outright terrible"

There is a list of vulnerable devices emerging on the site.

The exploit had been public now for a few days and it seems that the bad guys are already probing for vulnerable devices https://isc.sans.org/diary/Scans+Increase+for+New+Linksys+Backdoor+%2832764TC P%29/17336

An interesting thing is that the vulnerable devices include routers from both Netgear and Linksys/CIsco.

jimmyjohn
08-04-2015,
Yes there have been several articles written about this in the past few days. Here are a couple more...

Jessemann
08-04-2015,
Unfortunately I have a Linksys router that's named on the list. There is no firmware update (it's not running the original factory firmware, but the one I am using was released in 2011 and it hasn't been updated since). What is the recommendation at this stage?