There are some vulnerabilities that I come across which just make my jaw drop. This is one of them. There is a backdoor in the linux-based firmware that allows you telnet to port 1111 and get a command prompt. The command prompt seems to be associated with the console administration program. This console allows you to run shell commands, in addition to several other functions. There is no password required, and it appears that the default password (as shown from dumping /etc/shadow) is wlan. There is no patch for this vulnerability which appears in select firmware versions. “bob” has confirmed that this is real…
This just goes to show that as much as you try to secure something there is a developer who is out to sabotage you. It also gets to the heart of the whole 0 day issue. You have to assume there is a 0 day in your software… Then, plan accordingly
-PaulDotCom and strandjs

About the author