
XMicro.backdoor2.txt

16 Apr 2004. Reported by Gergely Risko. Type: packetstorm. Source: packetstormsecurity.com

Backdoor vulnerability in the X-Micro WLAN 11b Broadband Router allows unauthorized administrative access via built-in credentials that work regardless of the password set on the web interface.

Code
`Backdoor in the X-Micro WLAN 11b Broadband Router  
ALL VERSIONS ARE AFFECTED (1.6.0.1 too)  
Previous bugreport's bugtraq id: 10095  
  
FCC ID: RAFXWL-11BRRG  
Firmware Version: 1.2.2, 1.2.2.3, 1.2.2.4, 1.6.0.0, 1.6.0.1  
Remote: yes, easily exploitable  
Type: administration password, which always works  
  
The following username and password work in every case, even if you  
set another password on the web interface:  
1.2.2, 1.2.2.3, 1.2.2.4, 1.6.0.0:  
Username: super  
Password: super  
  
In 1.6.0.1:  
Username: 1502  
Password: 1502  
  
Note: 1.2.2.4 is strictly identical to 1.2.2.3 (md5sum)  
  
The webserver asks for the username/password via HTTP auth headers.  
  
By default the built-in webserver listens on all network  
interfaces (if connected to the internet, it is accessible from  
the internet too). Using the web interface one can install new  
firmware, download the old one, view your password, etc., so an attacker can:  
- make your board totally unusable, beyond repair  
- install viruses, trojans, sniffers, etc. in your router  
- get your password for your provider and maybe for your emails.  
  
Possible fixes:  
1. Set up port forwarding and forward port 80; this way an attack from  
the WAN interface is impossible. But be aware that anyone on your  
local LAN (possibly over a wireless connection) can log in to your  
router.  
  
2. Upload a fixed firmware. I've made an unofficial (but fixed)  
one. You can download it from  
http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.2/  
This firmware is unofficial. NO WARRANTY.  
This firmware also fixes other bugs; for a list see:  
http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.2/Changes  
(or below)  
The tool used to create the image is also released under the  
GPL: http://xmicro.risko.hu/US8181-20040416.tar.gz  
DOCS: http://xmicro.risko.hu/  
  
Optional cutie:   
If you upload the webpages.bin from my xm-11brrg-0.2 directory, you  
get a better topbar, with three nice penguins and a gnu! Screenshot at  
http://xmicro.risko.hu/own-firmwares/xm-11brrg-0.2/screenshot.png!  
  
Interesting things:  
Since my last bugtraq mail, Mr. Griswolds from X-Micro contacted me  
and told me that what I did is hurting the intellectual property of  
X-Micro. I think they haven't realized yet that the base OS and tools  
of the router are stolen from GPL projects. More about these things will  
be written in an open letter to X-Micro, since this is not the subject  
of this list.  
  
Gergely Risko  
`
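
Added example (not part of the original advisory, and not code from its author or from X-Micro): a detection check that scans captured HTTP requests to the router's web interface for logins using the two backdoor accounts listed in the advisory. It assumes the router's "HTTP auth headers" use the Basic scheme, which the advisory does not state; the function names and sample requests are constructed for illustration.

```python
import base64
import binascii

# Accounts listed in the advisory. Assumption: the router uses HTTP Basic auth.
BACKDOOR_ACCOUNTS = {("super", "super"), ("1502", "1502")}


def parse_basic_auth(header_value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None  # malformed token: not a usable credential pair
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def find_backdoor_logins(raw_requests):
    """Return [(source, request_line, username)] for requests using a backdoor account."""
    hits = []
    for source, raw in raw_requests:
        lines = raw.split("\r\n")
        for line in lines[1:]:
            if line == "":
                break  # blank line ends the header section
            name, _, value = line.partition(":")
            if name.strip().lower() != "authorization":
                continue
            creds = parse_basic_auth(value)
            if creds in BACKDOOR_ACCOUNTS:
                hits.append((source, lines[0], creds[0]))
    return hits


# Constructed sample requests (source address, raw HTTP request); not real captures.
SAMPLE = [
    ("192.0.2.10", "GET / HTTP/1.0\r\nAuthorization: Basic c3VwZXI6c3VwZXI=\r\n\r\n"),
    ("192.168.1.5", "GET / HTTP/1.0\r\nAuthorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n"),
    ("198.51.100.7", "GET /status HTTP/1.0\r\nauthorization: basic MTUwMjoxNTAy\r\n\r\n"),
    ("192.0.2.99", "GET / HTTP/1.0\r\nAuthorization: Basic !!!notbase64\r\n\r\n"),
]

if __name__ == "__main__":
    for source, request_line, user in find_backdoor_logins(SAMPLE):
        print(f"ALERT {source} used backdoor account '{user}': {request_line}")
```

Any hit from a WAN-side source address means the management interface is still reachable from the internet, which is the exposure the first fix in the advisory addresses.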
