This is a little nuts if you think about it ... I wonder if other APs are backdoored like this (could this be other countries' attempts @ espionage?) .. :-\
- Jon

----- Original Message -----
From: "Mariano Firpo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 16, 2004 10:35 AM
Subject: Re: Backdoor in X-Micro WLAN 11b Broadband Router

> X-Micro Support Team:
>
> 1- The backdoor has been solved with the latest Firmware 1.601.
>
> 2- Please do not upgrade the Firmware with unofficial releases because this will void the warranty.
>
> 3- Thanks for posting this security issue.
>
> Warm Regards,
>
> X-Micro Support Dep.
> Tel: 886-2-8226-2727
> Fax: 886-2-8226-2828
> ======================================
> X-Micro Technology Corp.
> Plug & Fly
>
> Web site: http://www.x-micro.com
> Email: [EMAIL PROTECTED]
> Address: 13F-4, No.738, Chung Cheng Road,
> Chung Ho City, Taipei Hsien, Taiwan 235, R.O.C
>
> ========================================================================
>
> >To: [EMAIL PROTECTED]
> >From: RISKO Gergely <[EMAIL PROTECTED]>
> >Subject: Backdoor in X-Micro WLAN 11b Broadband Router
> >Date: Sat, 10 Apr 2004 17:57:28 +0200
> >
> >Backdoor in the X-Micro WLAN 11b Broadband Router
> >
> >FCC ID: RAFXWL-11BRRG
> >Firmware Version: 1.2.2, 1.2.2.3 (probably others too)
> >Remote: yes, easily exploitable
> >Type: administration password, which always works
> >
> >The following username and password work in every case, even if you
> >set another password on the web interface:
> >Username: super
> >Password: super
> >
> >By default the builtin webserver is listening on all network
> >interfaces (if connected to the internet, then it is accessible from
> >the internet too). Using the web interface one can install new
> >firmware, download the old, view your password, etc., so he can:
> >  - make your board totally unusable, beyond repair
> >  - install viruses, trojans, sniffers, etc. in your router
> >  - get your password for your provider and maybe for your emails.
> >
> >Possible fixes:
> >1. Set up portforwarding, and forward port 80, this way from the WAN
> >   interface an attack is impossible. But be aware that anyone in your
> >   local LAN (possibly over a wireless connection) can log in to your
> >   router.
> >
> >2. Upload a fixed firmware. I've made an unofficial (but fixed)
> >   one. You can download it from
> >   http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/xm-11brrg-0.1.bin
> >   This firmware is unofficial. NO WARRANTY.
> >   This firmware also fixes other bugs; for a list see:
> >   http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.1/Changes
> >   The tool which was used to create the image is also released under the
> >   GPL: http://xmicro.risko.hu/US8181-20040410.tar.gz
> >   DOCS: http://xmicro.risko.hu/
> >
> >I don't know when the folks at X-Micro (who built such a nasty
> >backdoor into this device) will reply; I bcc'ed this mail to them.
> >I chose not to contact them earlier, because they violated the
> >GPL seriously; the open source community tried to communicate with
> >them, but without any positive results. And I'm sure that they know
> >about this remote backdoor.
> >
> >Gergely Risko
