![]() This file was last modified when the firmware was installed, comparing it to other files.īy the Chinese name, and seeing at least one more record of this public key online - I came to the conclusion this seems like a backdoor used by ZTE developers which allows them to connect with SSH to any router they wish.īy the way, upon further testing, the router is actually accessible from the internet (with SSH and Telnet).Īnyway, I tried to remove it but it seems that the filesystem was mounted as read-only fs. Ssh-dss you look closely, you can see that the user is in both public keys. Upon further inspection I saw that an authorized_keys file exists. The steps in opening a port are: Setup a static IP address on the device or computer you want a port forwarded to. The GoAhead webserver backdoor is still analyzed. : ZTE confirmed the hard-coded administrator password issue. : Vendor confirmed receive of the advisory. Except as expressly provided in any written license. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Then I noticed that they have a Dropbear SSH server installed in /etc/dropbear. : Contacting vendor through : Vendor provides initial contact. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ![]() Recently, upon connecting to it with Telnet (with some default username-password, of course), I decided to go around the filesystem. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |