Backdoor in wireless DSL routers lets attacker reset router, get admin

[JMH]

Backdoor in wireless DSL routers lets attacker reset router, get admin

A hacker has found a backdoor to wireless combination router/DSL modems that could allow an attacker to reset the router’s configuration and gain access to the administrative control panel. The attack, confirmed to work on several Linksys and Netgear DSL modems, exploits an open port accessible over the wireless local network.

The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources. Update: Vanderbeken reports some routers have the backdoor open to the Internet side as well, leaving them vulnerable to remote attack.

Backdoor in wireless DSL routers lets attacker reset router, get admin | Ars Technica

 

[satrow]

Move along now, nothing new there.

Some ISP's have a history of handing out routers with a backdoor already open, often not from Linksys or Netgear either. Many brands also have their own backdoors or Remote Access/Management ports etc. left wide open or with the default User name Password combo already set - useful if I 'happen' to bump into them on the 'net, I leave them more secure than when they were sold (even if they are located in Iran ... ).