elvanderb / TCP-32764

some codes and notes about the backdoor listening on TCP-32764 in linksys WAG200G.

OpenWAG200

DuaneBarry opened this issue

Vulnerable even with this installed: http://sourceforge.net/projects/openwag200/files/OpenWAG200/1.4/
- download configuration with cleartext HTTP admin password
- in the shell, with the command "reboot", the router obeys
- works on WAN (Internet)

Interesting, thank you :)
I added it to the list, maybe OpenWAG200 is a little bit too open :P

UPDATE:
Thanks to the ssh/telnet access present on OpenWAG200 and killing all of the processes called scfgmgr like you suggested in issue #61, the backdoor is not usable:

$ python poc.py --ip 192.168.200.253 --shell
probably not vulnerable (error: [Errno 111] Connection refused)

But the web interface becomes broken:
- the SETUP page is not complete
- the STATUS page displays no information

This works for me

iptables -I INPUT -i ppp0 -p tcp --dport 32764 -j DROP

Maybe that's a little bit late, but I'd like to point out that the now dead openwag200g wasn't listening on the internet after all.
(snippet from original firewall script:
SYSLOG "# ------ [ Special Port Handling ] ------------------- #"
$IPTABLES -A INPUT_TCP -i $WANIF -m multiport -p tcp --dport 23,80,32764 -j DROP
)
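
An added example, not part of the thread or of the repository's code: a small auditor that walks `iptables -S` style rule lines in order and reports the first verdict for a TCP packet to port 32764 on a given interface, covering both the single `--dport` rule and the multiport rule quoted above. The function names, the sample listings, `ppp0` standing in for `$WANIF` and `br0` as a LAN interface name are assumptions; only `-i`, `-p` and destination-port matches are evaluated.

```python
import shlex

BACKDOOR_PORT = 32764  # TCP port discussed in this thread
PORT_FLAGS = ("--dport", "--dports", "--destination-port", "--destination-ports")

# Constructed `iptables -S` style listing: the thread's DROP rule ahead of a broad ACCEPT.
SAMPLE_RULES = [
    "-P INPUT ACCEPT",
    "-A INPUT -i ppp0 -p tcp -m tcp --dport 32764 -j DROP",
    "-A INPUT -p tcp -j ACCEPT",
]
# Constructed listing of the multiport rule from the firewall script, ppp0 assumed for $WANIF.
MULTIPORT_RULES = ["-A INPUT_TCP -i ppp0 -p tcp -m multiport --dports 23,80,32764 -j DROP"]

def port_in_spec(spec, port):
    """True if a port spec such as '23,80,32764' or '32000:33000' covers port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def first_verdict(rules, iface, port=BACKDOOR_PORT, chain="INPUT"):
    """Return the target of the first rule in `chain` that matches a TCP packet
    to `port` arriving on `iface`, or None if no terminating rule matches.
    Only -i, -p and destination-port matches are evaluated (assumption)."""
    for line in rules:
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue  # policy lines and rules of other chains
        if "!" in tok:
            raise ValueError("negated match not handled: " + line)
        opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-i", iface) != iface:
            continue  # rule is bound to a different input interface
        if opts.get("-p", "tcp") not in ("tcp", "all"):
            continue
        spec = next((opts[f] for f in PORT_FLAGS if f in opts), None)
        if spec is not None and not port_in_spec(spec, port):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return None  # fell off the end of the chain; the chain policy applies

if __name__ == "__main__":
    for iface in ("ppp0", "br0"):
        print(iface, first_verdict(SAMPLE_RULES, iface))
```

The `br0` result shows that a rule bound to `-i ppp0` filters only packets arriving on that interface; traffic on any other interface falls through to the later rules.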