Apr 8 2024, 09:47 PM
QUOTE(whirleyes @ Oct 29 2023, 10:54 PM)
Fiberhome Router SR1041F RP0105 ssh root backdoor
It is possible to login ssh as root user by exploiting remote code execution vulnerability
https://gist.github.com/whirleyes/c664c33ff...2c1446f2a97abb9 and backdoor factory access mode in dropbear
Pre-authentication remote code execution allows anyone without logged in to send commands to the operating system as the root user.
Thus, opening WAN port 80 could be unsafe for your network.
This scenario involves a sequence of commands:
1. Enable factory mode
2. Remove root password
3. Restart dropbear (allow no password and use /var/passwd instead of /var/dropbear_passwd)
4. Open firewall
SSH root backdoor execution
https://gist.github.com/whirleyes/7916c5cd0...5aaceb2f50f837c
Done submitting CVE.
Pardon to ask got the CVE submission details? Tried to find on CVE list but can't found itIt is possible to login ssh as root user by exploiting remote code execution vulnerability
https://gist.github.com/whirleyes/c664c33ff...2c1446f2a97abb9 and backdoor factory access mode in dropbear
Pre-authentication remote code execution allows anyone without logged in to send commands to the operating system as the root user.
Thus, opening WAN port 80 could be unsafe for your network.
This scenario involves a sequence of commands:
1. Enable factory mode
2. Remove root password
3. Restart dropbear (allow no password and use /var/passwd instead of /var/dropbear_passwd)
4. Open firewall
SSH root backdoor execution
https://gist.github.com/whirleyes/7916c5cd0...5aaceb2f50f837c
Done submitting CVE.
Quote
0.0316sec
0.53
6 queries
GZIP Disabled