Security backdoor found in Linksys and Netgear router

froggyboy604

Some random code/data about the backdoor I found in my Linksys WAG200G (TCP/32764).

The backdoor may be present in other hardware, I'll update this readme accordingly :)

Probable source of the backdoor:
- SerComm https://news.ycombinator.com/item?id=6998258 (nice finding :) )

Backdoor confirmed in:
- Linksys WAG200G
- Netgear DM111Pv2 (https://twitter.com/eguaj/status/418143024019816448)
- Linksys WAG320N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
- Linksys WAG54G2 (https://twitter.com/_xistence/status/418616691040350208)
- DGN1000 Netgear N150 (https://github.com/elvanderb/TCP-32764/issues/3)
- Netgear DG834G V2 firmware 4.01.40 (thanks Burn2 Dev)
- Diamond DSL642WLG / SerComm IP806Gx v2 TI (https://news.ycombinator.com/item?id=6998682)

Backdoor may be present in:
- Netgear DG934 [probability: 99.99%] (http://codeinsecurity.wordpress.com/category/reverse-engineering/)
- Netgear DG834 (http://www.netgear-forum.com/forum/index.php?showtopic=6192)
- Netgear WPNT834 (http://forum1.netgear.com/showthread.php?p=270354)
- Netgear WG602, WGR614, DGN2000 (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
- Linksys WAG120N, WAG160N, WRVS4400N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
- all SerComm manufactured devices (https://news.ycombinator.com/item?id=6998258)

Backdoor is not working in:
- Netgear WGR614v7 (thanks "Martin from germany" [your e-mail doesn't work])
- Netgear WNDR3700 (https://twitter.com/juliengrenier/status/418748575842304000)
- Netgear CG3100 (https://github.com/elvanderb/TCP-32764/issues/6)
- Netgear WGR614v9 (https://github.com/elvanderb/TCP-32764/issues/7)
- Linksys WRT54GS v1.52.8 build 001 (thanks Helmut Tessarek)
 
Source: https://github.com/elvanderb/TCP-32764

This stinks for the people who own an affected router with a backdoor since sometimes security problems on routers never get updated to fix the problem.

I think if you have one of these routers with a backdoor, it would be safer just to connect a PC directly into a Cable or DSL modem, and not use a Router which can get infected with a virus, or has a backdoor on it.
 
I think you only have to worry if you're in a highly populated area, which gives an increase of possible hackers in the area.
 
Indeed, living in a highly populated area would increase the risk of getting hacked wirelessly.

But, I think hackers can also use online hacking bots to automatically hack a router by using the internet because a router is always connected to the internet when it is ON, and the internet wire is plugged into a Modem which is connected to your ISP.
 
There are free hacking programs and bots which guess the password on routers, like how there are a lot of Wi-Fi hacking programs which guess your password by entering millions of possible passwords to hack your admin account.
 