Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers.
In previous research, the expert discovered a Telnet backdoor in the D-Link DWR-921 that is also present in the ZyXEL LTE3301-M209.
The researcher analyzed the commander ELF, focusing on the amit* functions that contained the backdoor in the D-Link routers.
Unlike the D-Link analysis, the researcher had no physical access to the device and attempted to retrieve the password from the config.
“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content,” wrote the expert. “Inside the last Squashfs there is a [censored] file which contains at 0x10 the Zlib magic bytes.”
Once he unpacked the file, ReSolver noticed the following sequence:
Although he did not find Telnet credentials, he discovered something that looks like a backdoor in the webUI.
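The layout the researcher describes (an LZMA kernel, SquashFS sections at fixed offsets, and a config file whose zlib stream starts at 0x10) is the kind of thing a firmware auditor locates by scanning for magic bytes. The script below is an added example, not ReSolver's tooling or anything from ZyXEL: it carves a constructed image (not real LTE3301-M209 firmware, and using its own offsets rather than 0x148CD6 or 0x90BD36), inflates the zlib-wrapped config it finds after the root-fs magic, and reports which config keys look like credentials without copying their values into the report. The signature table, the `CFG1` header and the key names are constructed for the example.

```python
"""Firmware-image triage: locate section magics and inflate a zlib-wrapped config."""
import lzma
import zlib
from typing import Dict, List, Tuple

# Magic bytes for the section types discussed on the page: LZMA kernel, SquashFS
# root-fs / www content, and a zlib-compressed config. Table constructed for this example.
SIGNATURES: Dict[bytes, str] = {
    b"\x5d\x00\x00\x80\x00": "lzma (lc=3, lp=0, pb=2, 8 MiB dictionary)",
    b"hsqs": "squashfs (little-endian)",
    b"sqsh": "squashfs (big-endian)",
    b"\x78\x9c": "zlib (default level)",
    b"\x78\xda": "zlib (best compression)",
}


def scan_magic(blob: bytes) -> List[Tuple[int, str]]:
    """Return (offset, description) for every signature occurrence, sorted by offset."""
    hits: List[Tuple[int, str]] = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (idx := blob.find(magic, start)) != -1:
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def inflate_at(data: bytes, offset: int) -> bytes:
    """Decompress the zlib stream starting at `offset` (0x10 in the page's config file).

    decompressobj stops at the end of the stream and tolerates trailing bytes,
    which zlib.decompress() would reject with an error.
    """
    d = zlib.decompressobj()
    out = d.decompress(data[offset:])
    if not d.eof:
        raise ValueError("zlib stream at 0x%x is truncated" % offset)
    return out


def credential_keys(config_text: str) -> List[str]:
    """Flag key=value lines whose key looks like a credential and has a non-empty value.

    Only key names are returned, so the output can go into an audit report
    without reproducing the secret itself.
    """
    flagged: List[str] = []
    for line in config_text.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if any(t in key.lower() for t in ("pass", "pwd", "secret")) and value.strip():
            flagged.append(key.strip())
    return flagged


def triage(blob: bytes) -> Dict[str, object]:
    """Locate sections, inflate the first zlib stream after the root-fs magic, flag keys.

    On a real image the config file would first be carved out of the SquashFS
    (e.g. with unsquashfs); in this constructed image it follows the magic inline.
    """
    hits = scan_magic(blob)
    fs_off = next((off for off, name in hits if name.startswith("squashfs")), None)
    if fs_off is None:
        raise ValueError("no squashfs magic found")
    zlib_off = next(off for off, name in hits if name.startswith("zlib") and off > fs_off)
    config = inflate_at(blob, zlib_off).decode("ascii", errors="replace")
    return {"sections": hits, "config_offset": zlib_off,
            "credential_keys": credential_keys(config)}


# --- constructed sample image (not real ZyXEL firmware; values are placeholders) ---
CONFIG_PLAINTEXT = (b"hostname=router\ntelnet_enable=1\n"
                    b"telnet_pass=PLACEHOLDER\nweb_admin_pwd=PLACEHOLDER\n")
# 16-byte header followed by the zlib stream, mirroring the "zlib magic at 0x10" layout.
CONFIG_FILE = b"CFG1" + b"\x00" * 12 + zlib.compress(CONFIG_PLAINTEXT)
# FORMAT_ALONE with the default preset yields the classic 5d 00 00 80 00 LZMA header.
KERNEL_STUB = lzma.compress(b"kernel" * 64, format=lzma.FORMAT_ALONE)
FIRMWARE = (b"\x00" * 0x20 + KERNEL_STUB + b"\xff" * 0x40
            + b"hsqs" + b"\x00" * 0x40 + CONFIG_FILE)

if __name__ == "__main__":
    report = triage(FIRMWARE)
    for off, name in report["sections"]:
        print("0x%06x  %s" % (off, name))
    print("config zlib stream at 0x%x" % report["config_offset"])
    print("credential-looking keys:", report["credential_keys"])
```

Run it as a script to see the section map; on a vendor image, replace `FIRMWARE` with the file contents and carve the SquashFS contents first, since the config lives inside the filesystem rather than at a raw image offset.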
“Same as before, and unpacking the config.dat is going to contain the telnet login password,” states the expert. “Let’s put things together: On ZyXEL LTE3301 we have two ways to own the device:
Owners of impacted devices should upgrade to the latest firmware release as soon as possible.
Below is the timeline for this issue:
The expert and the Zyxel PSIRT decided not to disclose the credentials, to prevent mass exploitation in the wild.