Vulners
Lucene search
planetBackdoor.txt
🗓️ 07 Oct 2005 00:00:00Reported by Luis Miguel SilvaType 
packetstorm🔗 packetstormsecurity.com👁 33 Views
`Hello all,
Today i discovered a pseudo backdoor [thru a default password] while trying to
reset the password on a Planet Technology Corp FGSW2402RS switch.
Allthough i dont consider this to be a real problem since the only access seems
to be thru the serial port, i would like to share this with the community since
it isnt documented *anywhere* and Planet Technology Corp doesnt even reply to
emails asking for support on their products.
So...we start with a common ASCII analisys of the firmware [revision 1.2]:
root@leonardo-root ~/planet# strings FGSW-2402RS_ISP_1.2.txt
...
admin
[^_^]
ISPMODE
...
root@leonardo-root ~/planet#
Admin is the obvious login and ISPMODE is the password used for uploading a new
firmware to the equipment.
If we connect to the equipment and send admin as the login and "[^_^]" as the
password we get the same login prompt again (as if the password had failed) and
the password has now been reset to "".
Best regards,
+-------------------------
| Luís Miguel Silva
| Security Consultant
| Centro de Informática Correia Araújo
| Faculdade de Engenharia da
| Universidade do Porto
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Oct 2005 00:00Current