OpenWAG200

Question

OpenWAG200

DuaneBarry opened this issue 11 years ago · 5 comments

Vulnerable even with this installed http://sourceforge.net/projects/openwag200/files/OpenWAG200/1.4/
-download configuration with cleartext http admin password
-in shell with command "reboot" the router obeys
-work on WAN (Internet)

elvanderb commented 11 years ago

So?

Answer 1 · 2014-01-04T20:59:04.000Z

Interesting, thank you :)
I added it to the list, maybe OpenWAG200 is a little bit too open :P

Answer 2 · 2014-01-05T22:42:41.000Z

UPDATE:
thanks of the ssh/telnet access present on OpenWAG200 and killing all of the processes called scfgmgr like you suggested in issue#61, the backdoor is not usable:

$ python poc.py --ip 192.168.200.253 --shell
probably not vulnerable (error: [Errno 111] Connection refused)

But the WebInterface become broken:
-the SETUP page is not complete
-the STATUS page display no information

Answer 3 · 2014-01-06T02:40:43.000Z

This work for me

iptables -I INPUT -i ppp0 -p tcp --dport 32764 -j DROP

Answer 4 · 2014-12-28T23:46:11.000Z

Maybe that's a little bit late, but i'd like to point out that the now dead openwag200g wasn't listening on the internet after all.
(snippet from original firewall script:
SYSLOG "# ------ [ Special Port Handling ] ------------------- #"
$IPTABLES -A INPUT_TCP -i $WANIF -m multiport -p tcp --dport 23,80,32764 -j DROP
)