QUOTE(whirleyes @ Oct 29 2023, 10:54 PM)
Fiberhome Router SR1041F RP0105 ssh root backdoor
It is possible to log in to SSH as the root user by exploiting a remote code execution vulnerability
https://gist.github.com/whirleyes/c664c33ff...2c1446f2a97abb9 and the backdoor factory access mode in dropbear.
Pre-authentication remote code execution allows anyone who is not logged in to send commands to the operating system as the root user.
Thus, opening WAN port 80 could be unsafe for your network.
This scenario involves a sequence of commands:
1. Enable factory mode
2. Remove root password
3. Restart dropbear (allow no password and use /var/passwd instead of /var/dropbear_passwd)
4. Open firewall
SSH root backdoor execution
https://gist.github.com/whirleyes/7916c5cd0...5aaceb2f50f837c
Done submitting CVE.
Nice findings. Hopefully someday you could share your thought process in finding this vulnerability.
Noobie question: I can't even get port forwarding to work on this router. [other thread which asks about this] Mind giving a few pointers?
Jan 22 2024, 09:50 AM
