(Annex A) ADSL Road Runner Exploit Description & Theory

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: (Annex A) ADSL Road Runner Exploit Description & Theory
From: gp32boy@xxxxxxxxxxx
Date: 2 Sep 2005 21:14:08 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This back door was found by testing the ports with telnet. By running through 
each open port 

individually I managed to find a hole that obviously the creators have made. 
This allows you to 

remotely access the router and manipulate the features and find information.

Typically the router would have ports 23 (telnet) and port 244. When you telnet 
the port on 23 

you are greeted with a login prompt. This would require a hacker to key in a 
password. Further 

accessing the router on port 244, you are again greeted with this login prompt. 
However, the 

difference is that you do not need a password, you can simply press enter to 
login.

Once access is granted the flaw can lead a hacker to access data and possibly 
plant and sniff  

traffic on the modem. Also, the hacker can reset the router. There are other 
features 

that can be found that maybe of interest such as the cache and other data. and 
is potentially a 

high-risk flaw.

The exact version of the modem is still to be found, however this is currently 
seen in the many 

of the latest ADSL Road Runner modems in the Annex A family.

Prev by Date: Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
Next by Date: Vulnerability in myBloggie 2.1.3-beta and prior
Previous by thread: Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
Next by thread: Vulnerability in myBloggie 2.1.3-beta and prior
Index(es):
- Date
- Thread