Router Manufacturers (Linksys, Cisco, Diamond) Secretly Adding Backdoor in Their Firmware Again


As reported by The Hacker News (THN), the router backdoor on TCP port 32764, first discovered by French reverse engineer Eloi Vanderbeken, has been reactivated in the release of their patched firmware. Quoted from THN's recent article below:

At the beginning of this year, we reported about the secret backdoor ‘TCP 32764’ discovered in several routers including Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator.
The reverse engineer from France, Eloi Vanderbeken, who discovered this backdoor, has found that although the problem has been patched in the latest firmware release, SerComm has added the same backdoor again in another way.
Currently there is no patch available for the newly discovered backdoor. If you want to check your router for this backdoor, you can download the Proof-of-Concept (PoC) exploit released by the researcher from here or follow the steps given below manually:
  1. Use ‘binwalk -e’ to extract the file system
  2. Search for ‘ft_tool’ or grep -r ‘scfgmgr -f’
  3. Use IDA to confirm.
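
Steps 1 and 2 above can be scripted for a firmware image you maintain. The following is an added example, not the researcher's PoC and not code from THN; the function names and report prefixes are assumptions, and only the two indicator strings come from the quoted steps.

```shell
#!/bin/sh
# Added example: steps 1 and 2 of the manual check, for firmware you maintain.
# Indicator strings are the two from the quoted steps; function names and the
# "name:" / "string:" report prefixes are assumptions of this sketch.

# scan_rootfs DIR
# Prints one line per hit. Exit status follows grep: 0 = indicator found,
# 1 = nothing found, 2 = bad input.
scan_rootfs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # find and GNU grep -r (unlike -R) do not follow symlinks inside the tree,
    # so absolute links in the extracted rootfs cannot pull host files into
    # the scan. grep -l reports binaries too; -F treats the string literally.
    hits=$(
        find "$dir" -name 'ft_tool' 2>/dev/null | sed 's/^/name: /'
        grep -r -l -F -e 'scfgmgr -f' -- "$dir" 2>/dev/null | sed 's/^/string: /'
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# check_image IMAGE
# Extracts IMAGE with binwalk into a scratch directory, scans it, cleans up.
check_image() {
    image=$1
    command -v binwalk >/dev/null 2>&1 || { echo "binwalk not found" >&2; return 2; }
    out=$(mktemp -d) || return 2
    binwalk -e -C "$out" "$image" >/dev/null 2>&1 ||
        echo "binwalk reported errors; scanning what was extracted" >&2
    scan_rootfs "$out" && rc=0 || rc=$?
    rm -rf "$out"
    return "$rc"
}

# Usage: sh fwcheck.sh firmware.bin   (or an already extracted directory)
if [ "$#" -gt 0 ]; then
    if [ -d "$1" ]; then scan_rootfs "$1"; else check_image "$1"; fi
fi
```

A hit only tells you which files to open for step 3; an empty result means these two strings were not found in what binwalk managed to extract, not that the image is clean.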

The PoC source code can also be copied below. Have fun testing!




