Million Routers vulnerable to NetUSB & Backdoor port 32764Routers that are always online and exposed to the internet is more popular than ever to break into for remote blackhat hackers. A popular vulnerability exist in the NetUSB that was made by KCodes Technology Taiwanese company. More than 26 Vendors products are set to be affected by the vulnerability flaw rending millions of routers worldwide wide open to attack from hackers, worms, script kiddies and even government offices. The NetUSB functionality is used as a USB share port running over IP connection. It can allow for multiple users being plugged in to the router to easily share content. The vulnerability found exist in the authentication step. In the request to sent name as part of the confirmation process. Many devices even expose this port to the Internet TCP port 20005 without giving the user any way to turn it off or firewall it. Other vendors require a firmware updateIt comes as a default setup on many router brands to have the TCP port 20005 wide open even to the Internet. Common average users might not even know how to login to their router and flash to a new firmware update. Rendering them vulnerable and just waiting to be compromised. The vendors included using the vulnerable software includes ZyXEL, TP-Link, Trendnet, D-Link, Netgear just to mention a few. There are many other vendors effected as well. Netgear and Zyxel did already release firmware to fix the flaw. However it can still be a challenge for non tech savy users to upgrade their routers. Many users would be forced to hire a technical consultant to perform the upgrade and secure their site. To fix the vulnerability and or close the portIt is highly recommended you scan your public IP router and see if you are vulnerable to the flaw. Another popular and even worse vulnerability in routers is the TCP 32764 backdoor. There is speculation if this is a backdoor introduced by government agencies such as NSA. Vulnerable routers to this backdoor includes PopularCisco, Diamond, Netgear, Linksys and more. Now the backdoor was patched and fixed but it seems SerComm added the backdoor again in a recent update. If you are running the vulnerable routers it is recommended you scan your site asap and find out if you are exposed to the vulnerabilities.
You can get a free scan by clicking the link in the right side menu and find out quickly if you are vulnerable to attack.
The Penetrator Vulnerability Scanner Appliance and Software can detect the vulnerabilities. It also supports to setup a schedule to easily and automatically scan your local and public IPs to find vulnerabilities. You will then automatically get notified once vulnerabilities are detected across your network. |