Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
- Telnet and SSH services running by default, with two hard-coded secret accounts (admin:admin and root:1234).
- Router has another secret backdoor that can be exploited by only sending "HELODBG" string as a secret hard-coded command to UDP port 39889, which in return launch Telnet as root privileges without any authentication.
- The PIN for the WPS system on D-Link routers is '28296607,' which is hard-coded in the /bin/appmgr program.
- It's notable the FOTA (Remote firmware over-the-air) daemon tries to retrieve the firmware over HTTPS. But at the date of the writing, the SSL certificate for https://qdp:qdp@fotatest.qmitw.com/qdh/ispname/2031/appliance.xml is invalid for 1.5 years
- Jun 16, 2016: Dlink Security Incident Response Team (William Brown) acknowledges the receipt of the report and says they will provide further updates.
- Sep 13, 2016: Dlinks says they don't have a schedule for a firmware release. Customers who have questions should contact their local/regional D-Link support offices for the latest information. support.dlink.com will be updated in the next 24 hours.
- Sep 28, 2016: A public advisory is sent to security mailing lists.
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-…
- Tovább (Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...))
- 2280 megtekintés