no one is safe ...
//secure it#

Your Telnet Backdoor is waiting for you

It is too bad if your device has a backdoor directly from the vendor. In some devices of the vendor D-Link you are able to find a nice telnet server listening on the internal network interface. The following output shows the results of a Nmap scan of three different D-Link DIR devices (DIR-300revA, DIR-300revB, DIR-600revB):


root@bt:~# nmap -sSV -p 23 192.168.178.133,144,222
Starting Nmap 6.01 ( http://nmap.org ) at 2013-04-30 13:42 CEST
Nmap scan report for 192.168.178.133
Host is up (0.0067s latency).
PORT STATE SERVICE VERSION

Multiple Vulnerabilities in D'Link DIR-635

Device Name: DIR-635
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

Firmwareversion: 2.34EU
Hardware-Version: B1
Produktseite: DIR-635

============ Vulnerability Overview: ============

  • Stored XSS -> Status - WLAN -> SSID

Special Webcast: Hacking Embedded Systems (No Axe Required)

Hey guys,

yesterday @pauldotcom gave a great webcast on hacking embedded devices. Following some impressions of this webcast.

On a slide with HD Moore ... h00ray ;)


And the MIPS payloads of the #metasploit framework:

Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A

Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A
Vendor: D-Link

============ Device Description: ============

DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele...
DIR-615: http://www.dlink.com/de/de/support/product/dir-615-wireless-n-300-router...

============ Vulnerable Firmware Releases - DIR-615: ============

Tested Firmware Version : 4.13

============ Vulnerable Firmware Releases - DIR-300: ============

Multiple Vulnerabilities in D-Link devices

Device Name: DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

DIR-815 v1.03b02 (unauthenticated command injection)
DIR-645 v1.02 (unauthenticated command injection)
DIR-645 v1.03 (authenticated command injection)
DIR-600 below v2.16b01 (with v2.16b01 D-Link also fixes different vulnerabilities reported in M1ADV2013-003)
DIR-300 revB v2.13b01 (unauthenticated command injection)
DIR-300 revB v2.14b01 (authenticated command injection)
DIR-412 Ver 1.14WWB02 (unauthenticated command injection)
DIR-456U Ver 1.00ONG (unauthenticated command injection)
DIR-110 Ver 1.01 (unauthenticated command injection)

Possible other versions and devices are also affected by this vulnerability.