15 matches found

ThreatPost
added 2017/12/28 2:1 p.m. | 364 views

Code Used in Zero Day Huawei Router Attack Made Public

Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or...

CVSS 10 | AI score 10 | EPSS 0.94031
Exploits: 8 | References: 5

seebug.org
added 2017/12/28 12:0 a.m. | 119 views

Eir’s D1000 Modem Is Wide Open To Being Hacked.

Background: The Eir D1000 Modem has bugs that allow an attacker to gain full control of the modem from the Internet. The modem could then be used to hack into internal computers on the network, as a proxy host to hack other computers or even as a bot in a botnet. A port scan of the modem...

CVSS 10 | EPSS 0.86447
Exploits: 12

The Hacker News
added 2017/12/22 9:43 p.m. | 43 views

Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers

Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass a...

AI score 9.2 | EPSS 0.93074
Exploits: 2

ThreatPost
added 2017/12/22 6:9 p.m. | 41 views

Huawei Router Vulnerability Used to Spread Mirai Variant

Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Mirai Okiru, also known as Satori. Researchers at Check Point published a report Thursday, and said the flaw is in Huawei’s router mode...

CVSS 6.5 | AI score 9.6 | EPSS 0.93074
Exploits: 2 | References: 5

CNVD
added 2017/05/18 12:0 a.m. | 1 views

Eir D1000 Arbitrary Command Execution Vulnerability

The Eir D1000 is a modem from Eir Ireland. A security vulnerability exists in the Eir D1000 modem that stems from the program failing to properly restrict the TR-064 protocol. A remote attacker can exploit the vulnerability to execute arbitrary commands on TCP port 7547...

CVSS 10 | AI score 7.7 | EPSS 0.92988
Exploits: 2 | References: 1

Prion
added 2017/05/16 2:29 p.m. | 13 views

Design/Logic Flaw

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

CVSS 10 | AI score 8.4 | EPSS 0.92988
Exploits: 2 | References: 3

Cvelist
added 2017/05/16 2:0 p.m. | 18 views

CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

AI score 10 | EPSS 0.92988
Exploits: 2 | References: 3

Tenable Nessus
added 2017/01/12 12:0 a.m. | 370 views

Zyxel D1000 CWMP Get Default Password

Nessus was able to acquire the password from the Zyxel D1000 device by using CWMP commands over the TR-064 protocol. This protocol is typically open on port 7547. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid96448; scriptversion"1.5";...

AI score 5.5
Exploits: 0 | References: 1

0day.today
added 2017/01/05 12:0 a.m. | 30 views

Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

AI score 7.7
Exploits: 0

Packet Storm
added 2017/01/05 12:0 a.m. | 60 views

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

require 'msf/core' class MetasploitModule 'Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064', 'Description' = %q Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer'...

AI score 0.2
Exploits: 0

VulnCheck KEV
added 2016/12/14 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

CVSS 10 | AI score 7.6 | EPSS 0.92988
Exploits: 2 | References: 1

myhack58
added 2016/12/10 12:0 a.m. | 154 views

Vendor equipment affected by TR-064 vulnerabilities and TR-064 protocol security analysis - vulnerability warning - the black bar safety net

Author: Darren Martyn, senior security researcher at Xiphos Research (UK). Over the past few weeks, the security situation of embedded devices has proved worrisome. With the early Mirai code made public, I think some "smart device" botnets will spread quickly, in addition to the telnet scannin...

AI score 0.2
Exploits: 0

Metasploit
added 2016/12/02 2:49 p.m. | 75 views

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

CVSS 9.8 | AI score 7.7 | EPSS 0.92988
Exploits: 2

The Hacker News
added 2016/11/28 9:39 p.m. | 12 views

Cyber Attack Knocks Nearly a Million Routers Offline

Mirai Botnet is getting stronger and more notorious each day that passes by. The reason: Insecure Internet-of-things Devices. Last month, the Mirai botnet knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites. Now, more than 900,000...

AI score 8.5
Exploits: 0

Exploit DB
added 2016/11/08 12:0 a.m. | 109 views

Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)

=begin Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection Date: 7th November 2016 Exploit Author: Kenzo Website: https://devicereversing.wordpress.com Tested on Firmware version: 2.00AADU.520150909 Type: Webapps Platform: Hardware Description =========== By sending certa...

AI score 7.4
Exploits: 0