Debugging shell with root privileges in routers TP-Link WR740Debugging shell with root privileges in routers TP-Link WR740
Summary
There is a hidden debugging shell with root privileges in routers TP-Link WR740.
Description
| Models: | WDR740N, WDR740ND and possibly others Update: People have been reporting on forums that models WR743ND,WR842ND,WA-901ND,WR941N,WR941ND,WR1043ND,WR2543ND,MR3220,MR3020,WR841N also have access to this root shell. |
| Firmware version: | 3.12.11 Build 111130 Rel.55312n and possibly others |
| Date: | 18/06/2012 |
| Severity: | High |
| Impact: | Debugging shell with root privileges. |
| Attack vector: | Local and remote. |
| Solution: | N/A |
TP-Link WDR740ND/WDR740N routers have a hidden debugging shell with root privileges that could be abused by attackers.
The username is hard coded in the HTTP server binary and the password cannot be changed from the management interface so the following credentials are almost guaranteed to work:
/userRpmNatDebugRpm26525557/linux_cmdline.html.
User:osteam
Password:5up
Using this shell attackers may add malicious routing rules or change configuration files.
POC
Go to http://ip/userRpmNatDebugRpm26525557/linux_cmdline.html and enter the credentials "osteam:5up"
YOUTUBE
TWITTER
FACEBOOK
BLOG
EMAIL US