Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again
At the beginning of this year, we reported on the secret backdoor ‘TCP 32764’ discovered in several routers, including Linksys, Netgear, Cisco and Diamond, that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. Eloi Vanderbeken, the reverse engineer from France who discovered this backdoor, has found that although the flaw has been patched in the latest firmware release, SerComm has added the same backdoor again in another way.

To verify the released patch, he recently downloaded the patched firmware version 1.1.0.55 of the Netgear DGN1000 and unpacked it using the binwalk tool. He found that the file ‘scfgmgr’, which contains the backdoor, is still present, with a new option “-l” that limits it to local inter-process communication over a Unix domain socket, that is, to processes running on the same device. On further investigation, by reverse engineering the binaries, he found another mysterious tool called ‘ft_tool’ with a “-f” option that could re-activate the TCP backdoor.