Hello, This is an update to: - Backdoor and RCE found in 8 TOTOLINK router models (http://ift.tt/1HzOWgm ) - Backdoor credentials found in 4 TOTOLINK router models (http://ift.tt/1I56d4K ) - 4 TOTOLINK router models vulnerable to CSRF and XSS attacks (http://ift.tt/1I56fcE ) - 15 TOTOLINK router models vulnerable to multiple RCEs (http://ift.tt/1HzOYVn ) Totolink has released new firmwares on 2015-07-25 and also removed the old firmwares from their website. The backdoor is still present in the new firmware images but it is not launched at the startup anymore. You can check yourself by downloading the images and by using binwalk: Example with N300RH-V2: $ wget -O 'TOTOLINK%20N300RH-V2.0.1_20150725.zip' 'http://ift.tt/1TvG0Oz' $ 7z x TOTOLINK%20N300RH-V2.0.1_20150725.zip [...] $ binwalk -e *web DECIMAL HEXADECIMAL DESCRIPTION
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment