Skip to content

Krzysztof Burghardt’s blog

Create. Break. Fix. Repeat.

  • About
  • Contact
  • Sitemap

Month: February 2019

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

[Translate]

DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named “dnsekakf2$$” gives access to admin (uid 0) account over telnet, at least for administration interface documented in H665 QIG (Quick Guide).

DASAN H665 is GPON Optical Network Terminal (ONT). It could work as router/NAT or bridge and allow End User to Web Access device at http://192.168.55.1/. Depending on device’s configuration it might assign different 192.168.X.0/24 subnet over DHCP, but device still reply to traffic on 192.168.55.1 from any devices in 192.168.55.0/24 subnet.

This vulnerability was assigned CVE-2019-8950.

Continue reading “DASAN H665 has vendor backdoor built into BusyBox’s /bin/login”

Author Krzysztof BurghardtPosted on February 15, 2019March 18, 2019Categories English, Hardware, Linux, SecurityTags BusyBox, DASAN, GPON, H665, Linux, login, ONT, Security, telnet2 Comments on DASAN H665 has vendor backdoor built into BusyBox’s /bin/login
  • About
  • Contact
  • Sitemap
  • DASAN H665 has vendor backdoor built into BusyBox’s /bin/login 6 views
  • How to build RPM packages in CentOS chroot on… Debian! 3 views
  • How to restrict Internet access to known IP/MAC on OpenWRT? 3 views
  • Multiple FreeBSD jails sharing one IP address 2 views
  • nCipher HSM with OpenSSL 2 views
  • WordPress na serwerze IdeaWebServer w home.pl 1 view
  • How to mount file systems easily in Midnight Commander 1 view
  • FreeBSD with X.Org on QEMU 1 view
  • PixelView PlayTV Pro PV-BT878P+9X 1 view
  • Debian GNU/Linux on Acer Aspire 5102WLMi 1 view
WINE ltrace Web H660RM OpenSSL ActiveMQ keyboard strace Security PPP DASAN userspace tuner Debian ONT Linux funkey kernel GPON WL-500g DNS Apache OpenGL Internet pppd multimedia GNU MAC FreeBSD event ClamFS LKM key daemon Google IP PHP AMD64 Asus OpenWRT input ClamAV TV ptrace QEMU

Archives

  • July 2019
  • March 2019
  • February 2019
  • July 2010
  • April 2010
  • March 2010
  • November 2009
  • October 2009
  • August 2009
  • July 2009
  • May 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • September 2008
  • May 2008
  • April 2008
  • March 2008
  • January 2008
  • December 2007
  • November 2007
  • About
  • Contact
  • Sitemap
Krzysztof Burghardt’s blog Proudly powered by WordPress
English English Afrikaans Afrikaans العربية العربية Беларуская Беларуская български български català català česky česky Cymraeg Cymraeg dansk dansk Deutsch Deutsch ελληνική ελληνική español español eesti eesti فارسی فارسی suomi suomi français français Gaeilge Gaeilge galego galego עברית עברית हिन्दी हिन्दी hrvatski hrvatski magyar magyar bahasa Indonesia bahasa Indonesia íslenska íslenska italiano italiano 日本語 日本語 한국어 한국어 lietuvių lietuvių latviešu latviešu македонски македонски bahasa Melayu bahasa Melayu Malti Malti Nederlands Nederlands norsk norsk polski polski português português română română русский русский slovenčina slovenčina slovenščina slovenščina shqipe shqipe српски српски svenska svenska Kiswahili Kiswahili ภาษาไทย ภาษาไทย Filipino Filipino Türkçe Türkçe українська українська tiếng Việt tiếng Việt ייִדיש ייִדיש 中文 (简体) 中文 (简体) 中文 (繁體) 中文 (繁體) powered byGoogle