![]() ![]() This file was last modified when the firmware was installed, comparing it to other files.īy the Chinese name, and seeing at least one more record of this public key online - I came to the conclusion this seems like a backdoor used by ZTE developers which allows them to connect with SSH to any router they wish.īy the way, upon further testing, the router is actually accessible from the internet (with SSH and Telnet).Īnyway, I tried to remove it but it seems that the filesystem was mounted as read-only fs. Ssh-dss you look closely, you can see that the user is in both public keys. The world's fourth largest mobe-maker acknowledged a problem, but said it was restricted to the Score M, which runs Android 2.3.4 and is distributed through MetroPCS in the US. Upon further inspection I saw that an authorized_keys file exists. The password needed to access the backdoor, located in the /system/bin/syncagent file, is readily available online. ![]() Then I noticed that they have a Dropbear SSH server installed in /etc/dropbear. Should we discover any issues, we will contact customers directly," Telstra said in a statement.Recently, upon connecting to it with Telnet (with some default username-password, of course), I decided to go around the filesystem. That said, we take device security very seriously, and we are conducting more extensive testing to confirm our initial findings. "Our preliminary tests suggest that handsets supplied to Telstra are unaffected by this issue. Read A Court of Wings and Ruin Looming war threatens all Feyre holds dear in the third volume of the 1 New York Times bestselling A Court of Thorns and Roses series. I just flashed the original firmware back to my MF286D and the routers web-UI claims a firmware -version of B11, whereas mmcli on OpenWRT claims the odd 1.0.1B05 - googling around, I didnt come across any mention of the version starting with '1.0.1', only '1.0.0'. The vulnerability is due to insufficient sanitizing of user supplied. I dont think the Elisa firmware -version corresponds with the modem firmware. ZTE Multi-Service Access SolutionCopyright ZTE.All rights reserved ZXHN F660 is a GPON Optical Network Terminal designed for FTTH scenario. Telstra is aware of the issue, and is in the process of testing its devices, to determine if the backdoor exists on them. This indicates an attack attempt against a Code Execution vulnerability in ZTE Routers. ZTE has offices in Sydney and Melbourne, and is a supplier of a large number of Telstra mobile phones, typically rebranded as Telstra's own T- and F-series mobile phones. While no telco in Australia appears to be selling the Score M or Skate mobile phones outright, it is still possible to purchase it online or through smaller firms. The phone is available in the US and the UK, amongst other markets. Just give the magic, hard-coded password to get a root shell. There is a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |