RE: Hacking ZTE router (ZXHN H108N) 06-25-2014, 08:46 PM
#5
This router is running BusyBox v1.01...
Telnet is not a vulnerability (as you may already know) but a good attack vector ... the vulnerability is the default username/password! Which can't (yes it can NOT) be avoided easily, Kaminsky talked about this issue in this interview (recommended to watch)
The access is not a problem... it is what you can do after that (with 64kb memory and about 16kb for storage)...
What I hacked so far was iptables and dnsmasq (a simple DNS and DHCP server)... I did check also httpd (apache) and minihttp on other routers.
The problem is... lots of people are using these routers! So you can actually go into any coffeeshop, company, airport, store, restaurant... etc. and find these routers (from ZTE, TP-Link and BandLuxe), ISP companies know about this issue and they are ignoring it (totally, royally and intentionally)... Do you know how crazy this is? I think that the whole country is vulnerable!!!
I downloaded the source code for both DDWRT and OpenWRT to test... it will take me a while though to finish my testing, so if you find anything on your part please let me know and I will gratefully appreciate it! ![Smile Smile](https://sinister.ly/images/smilies/set/smile.png)
Thanks
![[Image: wvBFmA5.png]](http://i.imgur.com/wvBFmA5.png)