Printed from http://www.electronista.com

Array of DSL networking hardware subject to escalating privileges hack

updated 11:56 pm EST, Thu January 2, 2014

Weekend SerComm chipset hack uses exploit on port number 32764

Over the Christmas holiday, programmer Eloi Venderbeken discovered a vulnerability in many Linksys, Netgear, and Belkin DSL modem/router combination devices, allowing an attacker who is on the network to escalate privileges or reboot an otherwise-secure router. The exploit seems to be limited to devices with SerComm chipsets, and has been confirmed to work on a wide array of both new and old models.

TCP port 32764 is the target of the hack, which still remains free of documentation from either Linksys or Netgear. After some testing, Vanderbecken gained access to a command line interface for the router, which allowed a script to be written granting him administrative access.

The attack cannot be used outside a local area network's boundaries, and any attacker must be logged into the network to start, limiting the severity of the hack. Should the exploit become widely used, at most risk are businesses offering free Wi-Fi access or other establishments using off-the-shelf hardware for Internet access to a variety of anonymous patrons, like schools or libraries.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Sponsor

toggle

Most Commented

 
toggle

Popular News