Routers produced by China-based networking solutions provider Netis Systems are plagued by a security hole that can be leveraged by an attacker to gain control of the devices, Trend Micro reported on Monday.
Netis Systems is part of the Netcore Group, which is headquartered in Shenzhen. Its products are sold under the Netcore brand name in China and as Netis in other parts of the world. According to the security firm, Netis/Netcore routers are exposed by a backdoor that can be easily exploited.
A remote attacker who knows the targeted router’s external IP address can gain access to it through UDP port 53413. In order to get to the actual backdoor, the attacker must enter a password, but this feature provides little protection because the password is hardcoded in the firmware. Furthermore, all Netcore/Netis routers seem to have the same password.
Trend Micro Threat Researcher Tim Yeh believes most of these routers are plagued by this flaw. A scan performed with ZMap, the open-source network scanner that allows researchers to conduct studies, revealed that there are two million potentially vulnerable devices. While most of them are located in China, some have been found in South Korea, Taiwan, Israel and the United States.
Once logged in, an attacker can perform a wide range of tasks, including downloading, uploading and executing files.
“This gives the attacker near-complete control of the router. For example, settings can be modified to help carry out man-in-the-middle attacks,” Yeh explained in a blog post.
Experts noted that the documentation for these Netcore/Netis routers doesn’t mention anything about the backdoor and what it might be used for. Trend Micro said it reported the existence of the flaw to the manufacturer but received no response. SecurityWeek has also reached out to the company, but had not heard back by press time.
The security firm says users can’t do much to address the issue. The best option is to stop using the vulnerable devices. The easiest way to determine if a router is affected is to probe port 53413 with an online scanner.
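Because the backdoor listens on a fixed UDP port, an upstream firewall's logs can show whether hosts on the internet are sending traffic to it. The following is an added example, not code from Trend Micro or SecurityWeek; it assumes Linux netfilter-style LOG lines and RFC 1918 internal ranges, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

BACKDOOR_PORT = 53413  # UDP port named in the article
# Assumption: these RFC 1918 ranges are the "inside" of the network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # KEY=value pairs in a LOG line

# Constructed sample lines in netfilter LOG style (documentation addresses).
SAMPLE_LOG = """\
Aug 25 10:01:02 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40211 DPT=53413
Aug 25 10:01:09 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40212 DPT=53413
Aug 25 10:02:30 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=53413
Aug 25 10:03:11 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=UDP SPT=5000 DPT=53413
Aug 25 10:04:45 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=33000 DPT=53
Aug 25 10:05:20 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.11 PROTO=UDP SPT=41000 DPT=53413
Aug 25 10:06:00 gw kernel: IN=eth0 OUT= PROTO=UDP SPT=40300 DPT=53413
"""

def is_internal(addr):
    """True if addr falls in one of the assumed internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)

def find_backdoor_traffic(log_text):
    """Return {router_ip: {external_src_ip: packets}} for UDP/53413 traffic."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != str(BACKDOOR_PORT):
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if not is_internal(src):  # only traffic arriving from outside
            hits[str(dst)][str(src)] += 1
    return {dst: dict(srcs) for dst, srcs in hits.items()}

if __name__ == "__main__":
    for dst, srcs in find_backdoor_traffic(SAMPLE_LOG).items():
        for src, count in sorted(srcs.items()):
            print(f"{dst}: {count} UDP/{BACKDOOR_PORT} packet(s) from {src}")
```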
Vulnerabilities in small office/home office (SOHO) routers are not uncommon. At the SOHOpelessly Broken contest that took place at the DefCon 22 security conference, researchers reported a total of 15 zero-day flaws.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
