elvanderb/TCP-32764

NETGEAR DGN1000 vulnerable

monga opened this issue · 7 comments

I can confirm the vulnerability on this model (Firmware Version V1.1.00.46_ww).

Thank you for your work.

Thank you, I updated the list :)
Do you know if there is any difference between your router and the other DGN1000 mentioned in the readme?

No, I don't, sorry: they are very likely to be the same. I've sent the issue message just to document also the firmware version.

Ok, thank you :)

Has anyone found an alternative firmware that can be applied? DD-WRT? Open WRT & Tomato don't have firmware for this router. I have tried to block the port using existing firmware without success.

I brought this issue up with Netgear support (2014/01/17), and just in the last few days they have released a new firmware version that resolves the port 32764 issue. The new firmware is available on their website (http://downloadcenter.netgear.com/other/).

I've confirmed that the below version works correctly.
http://www.downloads.netgear.com/files/GDC/DGN1000/DGN1000-V1.1.00.49WW.zip

If the original backdoor was a planned 'feature', then it's possible that there is a knocking sequence required to unlock port 32764 (that is, port 32764 opens after trying port 5000, then 8000 before 32764 as an example).

I'll have a look, thank you :)

Oh god :')
Expect some lolz in the next few days :)