Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

  • 21 April 2014

At the beginning of this year, we reported on the secret backdoor ‘TCP 32764’ discovered in several routers, including Linksys, Netgear, Cisco and Diamond, that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The reverse engineer from France, Eloi Vanderbeken, who discovered this backdoor, has found that although the flaw has been patched in the latest firmware release, SerComm has added the same backdoor again in another way.

To verify the released patch, he recently downloaded the patched firmware version 1.1.0.55 of the Netgear DGN1000 and unpacked it using the binwalk tool. He found that the file ‘scfgmgr’, which contains the backdoor, is still present there with a new option “-l” that limits it to local socket interprocess communication (Unix domain socket), that is, to processes running on the same device. On further investigation, by reverse engineering the binaries, he found another mysterious tool called ‘ft_tool’ with a “-f” option that could re-activate the TCP backdoor.

Full Article
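For readers who want to repeat this kind of check on firmware for their own device, the sketch below (an added example, not code from the article or from Vanderbeken) walks an unpacked firmware tree, lists the `scfgmgr` and `ft_tool` binaries named above, and flags script lines that launch `scfgmgr` without `-l` or `ft_tool` with `-f`. The function names, the sample tree, its paths and its script contents are constructed for illustration.

```python
import os
import re

SUSPECT = ("scfgmgr", "ft_tool")  # binary names taken from the post
ELF_MAGIC = b"\x7fELF"
CALL_RE = re.compile(r"(?:^|[\s/;&|])(scfgmgr|ft_tool)(?=\s|$)([^;&|#]*)")


def needs_review(tool, opts):
    """Per the post: scfgmgr is local-only with -l; ft_tool -f can re-enable TCP."""
    return "-l" not in opts if tool == "scfgmgr" else "-f" in opts


def audit_rootfs(root):
    """Return (binaries, calls) found in an unpacked firmware tree."""
    binaries, calls = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow links out of the extracted tree
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            if name in SUSPECT:
                binaries.append((rel, data.startswith(ELF_MAGIC)))
            elif b"\0" not in data:  # text file: look for launch lines
                text = data.decode("utf-8", "replace")
                for lineno, line in enumerate(text.splitlines(), 1):
                    for tool, rest in CALL_RE.findall(line):
                        opts = [t for t in rest.split() if t.startswith("-")]
                        calls.append((rel, lineno, tool, opts, needs_review(tool, opts)))
    return sorted(binaries), sorted(calls)


def build_sample_tree(root):
    """Constructed sample tree (not real firmware) for trying the audit offline."""
    files = {
        "usr/sbin/scfgmgr": ELF_MAGIC + b"\x01\x02\x01\x00" * 4,
        "usr/sbin/ft_tool": ELF_MAGIC + b"\x01\x02\x01\x00" * 4,
        "etc/rcS": b"#!/bin/sh\n/usr/sbin/scfgmgr -l &\n",
        "etc/factory.sh": b"#!/bin/sh\nft_tool -f\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
```

Call `audit_rootfs()` on the root filesystem directory that binwalk extracted; each entry in `calls` ends with `True` when the launch line deserves a closer look.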
