Fiberhome Router SR1041F RP0105 ssh root backdoor

It is possible to login ssh as root user by exploiting remote code execution vulnerability
https://gist.github.com/whirleyes/c664c33ff...2c1446f2a97abb9 and backdoor factory access mode in dropbear

Pre-authentication remote code execution allows anyone without logged in to send commands to the operating system as the root user.

Thus, opening WAN port 80 could be unsafe for your network.


This scenario involves a sequence of commands:
1. Enable factory mode
2. Remove root password
3. Restart dropbear (allow no password and use /var/passwd instead of /var/dropbear_passwd)
4. Open firewall

SSH root backdoor execution
https://gist.github.com/whirleyes/7916c5cd0...5aaceb2f50f837c

Done submitting CVE.

This post has been edited by whirleyes: Oct 29 2023, 11:31 PM

haven't explore much.
but i think you can try check /fhconf/fh_wifi/ directory

Learn so much from this https://techdator.net/fiberhome-devices-has...p-a-new-botnet/

I don't think they will release firmware update anytime soon.
Best is to spread awareness, else it could be another Gwmndy botnet victim

My intention is just to get root access so I can proceed with building OpenWrt image for this device.
or at least can make some tweak to the original firmware.