
Krzysztof Burghardt’s blog

Create. Break. Fix. Repeat.


Tag: login

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login


The DASAN H665 has a vendor backdoor built into BusyBox's /bin/login. An account named “dnsekakf2$$” gives access to the admin (uid 0) account over telnet, at least on the administration interface documented in the H665 QIG (Quick Guide).

The DASAN H665 is a GPON Optical Network Terminal (ONT). It can work as a router/NAT or as a bridge, and it lets the end user reach the device's web interface at http://192.168.55.1/. Depending on the device’s configuration it might assign a different 192.168.X.0/24 subnet over DHCP, but the device still replies to traffic on 192.168.55.1 from any device in the 192.168.55.0/24 subnet.

This vulnerability was assigned CVE-2019-8950.


Author: Krzysztof Burghardt
Posted on: February 15, 2019 / March 18, 2019
Categories: English, Hardware, Linux, Security
Tags: BusyBox, DASAN, GPON, H665, Linux, login, ONT, Security, telnet