NETGEAR DGN1000 vulnerable #27

Closed
monga opened this Issue Jan 3, 2014 · 7 comments

Comments

Projects
None yet
4 participants
@monga

monga commented Jan 3, 2014

I can confirm the vulnerability on this model (Firmware Version V1.1.00.46_ww).

Thank you for your work.

@elvanderb

This comment has been minimized.

Show comment
Hide comment
@elvanderb

elvanderb Jan 3, 2014

Owner

Thank you, I updated the list :)
Do you know if there is any difference between your router and the other DGN1000 mentionned in the readme?

Owner

elvanderb commented Jan 3, 2014

Thank you, I updated the list :)
Do you know if there is any difference between your router and the other DGN1000 mentionned in the readme?

@monga

This comment has been minimized.

Show comment
Hide comment
@monga

monga Jan 3, 2014

No, I don't, sorry: they are very likely to be the same. I've sent the issue message just to document also the firmware version.

monga commented Jan 3, 2014

No, I don't, sorry: they are very likely to be the same. I've sent the issue message just to document also the firmware version.

@elvanderb

This comment has been minimized.

Show comment
Hide comment
@elvanderb

elvanderb Jan 3, 2014

Owner

Ok, thank you :)

Owner

elvanderb commented Jan 3, 2014

Ok, thank you :)

@stirech

This comment has been minimized.

Show comment
Hide comment
@stirech

stirech Feb 14, 2014

Has anyone found a alternative firmware that can be applied. DD-WRT? Open WRT & Tomato don't have firmware for this router. I have tried to block the port using exiting firmware without success.

stirech commented Feb 14, 2014

Has anyone found a alternative firmware that can be applied. DD-WRT? Open WRT & Tomato don't have firmware for this router. I have tried to block the port using exiting firmware without success.

@zmaile

This comment has been minimized.

Show comment
Hide comment
@zmaile

zmaile Apr 7, 2014

I brought this issue up with netgear support (2014/01/17), and just in the last few days they have released a new firmware version that resolves the port 32764 issue. The new firmware is available on their website (http://downloadcenter.netgear.com/other/)

I've confirmed that the below version works correctly.
http://www.downloads.netgear.com/files/GDC/DGN1000/DGN1000-V1.1.00.49WW.zip

If the original backdoor was a planned 'feature', then its possible that there is a knocking sequence required to unlock port 32764 (that is, port 32764 opens after trying port 5000, then 8000 before 32764 as an example).

zmaile commented Apr 7, 2014

I brought this issue up with netgear support (2014/01/17), and just in the last few days they have released a new firmware version that resolves the port 32764 issue. The new firmware is available on their website (http://downloadcenter.netgear.com/other/)

I've confirmed that the below version works correctly.
http://www.downloads.netgear.com/files/GDC/DGN1000/DGN1000-V1.1.00.49WW.zip

If the original backdoor was a planned 'feature', then its possible that there is a knocking sequence required to unlock port 32764 (that is, port 32764 opens after trying port 5000, then 8000 before 32764 as an example).

@elvanderb

This comment has been minimized.

Show comment
Hide comment
@elvanderb

elvanderb Apr 7, 2014

Owner

I'll have a look, thank you :)

Owner

elvanderb commented Apr 7, 2014

I'll have a look, thank you :)

@elvanderb

This comment has been minimized.

Show comment
Hide comment
@elvanderb

elvanderb Apr 7, 2014

Owner

Oh god :')
Expect some lolz in the next few days :)

Owner

elvanderb commented Apr 7, 2014

Oh god :')
Expect some lolz in the next few days :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment