Krzysztof Burghardt’s blog

Krzysztof Burghardt’s blog

Create. Break. Fix. Repeat.

CommentsPosts
 
 
 

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

[Translate]

DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named “dnsekakf2$$” gives access to admin (uid 0) account over telnet, at least for administration interface documented in H665 QIG (Quick Guide).

DASAN H665 is GPON Optical Network Terminal (ONT). It could work as router/NAT or bridge and allow End User to Web […]

February 15th, 2019 | Tags: BusyBox, DASAN, GPON, H665, Linux, login, ONT, Security, telnet | Category: English, Hardware, Linux, Security | Leave a comment

Pages

  • About
    • Contact
    • Certificates
    • OpenPGP public key
  • Sitemap

Popular Posts

  • nCipher HSM with OpenSSL 32 views
  • DASAN H665 has vendor backdoor built into BusyBox’s /bin/login 30 views
  • diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks 29 views
  • Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 saves post data, including credentials, to /tmp/boa-temp 24 views
  • Multiple FreeBSD jails sharing one IP address 18 views

Recent Posts

  • diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks
  • Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 saves post data, including credentials, to /tmp/boa-temp
  • syslog_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 uses a hard-coded key for logs encryption
  • DASAN H665 has vendor backdoor built into BusyBox’s /bin/login
  • ESE Key Daemon 1.2.7 released

Archives

  • March 2019 (3)
  • February 2019 (1)
  • July 2010 (1)
  • April 2010 (1)
  • March 2010 (1)
  • November 2009 (1)
  • October 2009 (2)
  • August 2009 (1)
  • July 2009 (1)
  • May 2009 (1)
  • March 2009 (3)
  • February 2009 (1)
  • January 2009 (5)
  • December 2008 (1)
  • November 2008 (2)
  • September 2008 (3)
  • May 2008 (5)
  • April 2008 (1)
  • March 2008 (5)
  • January 2008 (3)
  • December 2007 (6)
  • November 2007 (9)

Tags

ActiveMQ AMD64 Apache Asus ClamAV ClamFS daemon DASAN Debian DNS event FreeBSD funkey GNU Google GPON H660RM input Internet IP kernel key keyboard Linux LKM ltrace MAC multimedia ONT OpenGL OpenSSL OpenWRT PHP PPP pppd ptrace QEMU Security strace tuner TV userspace Web WINE WL-500g
Copyright © 2006-2019 Krzysztof Burghardt
Header image copyright © 2006 DocentX (licensed under the Creative Commons Attribution ShareAlike 3.0 License).
Powered by WordPress & Atahualpa
English English Afrikaans Afrikaans العربية العربية Беларуская Беларуская български български català català česky česky Cymraeg Cymraeg dansk dansk Deutsch Deutsch ελληνική ελληνική español español eesti eesti فارسی فارسی suomi suomi français français Gaeilge Gaeilge galego galego עברית עברית हिन्दी हिन्दी hrvatski hrvatski magyar magyar bahasa Indonesia bahasa Indonesia íslenska íslenska italiano italiano 日本語 日本語 한국어 한국어 lietuvių lietuvių latviešu latviešu македонски македонски bahasa Melayu bahasa Melayu Malti Malti Nederlands Nederlands norsk norsk polski polski português português română română русский русский slovenčina slovenčina slovenščina slovenščina shqipe shqipe српски српски svenska svenska Kiswahili Kiswahili ภาษาไทย ภาษาไทย Filipino Filipino Türkçe Türkçe українська українська tiếng Việt tiếng Việt ייִדיש ייִדיש 中文 (简体) 中文 (简体) 中文 (繁體) 中文 (繁體) powered byGoogle