- Jul 22, 2014
- 2,525
Some older routers built on the WiMAX technology contain backdoor accounts that appear to have been introduced somewhere along the devices' supply chain.
These backdoor accounts came to light in September 2016, when security researchers from SEC Consult discovered tens of thousands of WiMAX routers that were exposing their web-based administrative console on the Internet.
After auditing the firmware of some devices, researchers found a severe vulnerability, but also several backdoor accounts.
Attackers can change admin account password
The vulnerability they discovered is CVE-2017-3216, which is an authentication bypass in the web-based administration panel. According to researchers, an attacker can access a file on the built-in web server shipped with these routers and change the main admin account's password.
"An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply spy on user," the SEC Consult team said. Routers affected by this issue are:
.....
These backdoor accounts came to light in September 2016, when security researchers from SEC Consult discovered tens of thousands of WiMAX routers that were exposing their web-based administrative console on the Internet.
After auditing the firmware of some devices, researchers found a severe vulnerability, but also several backdoor accounts.
Attackers can change admin account password
The vulnerability they discovered is CVE-2017-3216, which is an authentication bypass in the web-based administration panel. According to researchers, an attacker can access a file on the built-in web server shipped with these routers and change the main admin account's password.
"An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply spy on user," the SEC Consult team said. Routers affected by this issue are:
.....
