CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavemen...

Backdoor Vulnerability in UDP Port 39889 on D-Link DWR-932B LTE Router

The D-Link DWR-932B LTE is a wireless router. A backdoor vulnerability exists in UDP port 39889 of the D-Link DWR-932B LTE router. Since the string "HELODBG" can be sent as a hardcoded command to UDP port 39889, an attacker can use the vulnerability to launch a root-privileged Telnet on the route...

Dynalink routers backdoor?

I was playing with a Dynalink RTA 230 http://www.dynalink.co.nz/products/rta230.htm, a linux based mips-cored adsl router. Looking at embedded linux system, i've found something like a backdoor: cat /etc/passwd admin:xxxxxobscuredxxxxx:0:0:Administrator:/:/bin/sh...