Routers With Hidden Backdoors Discovered

Routers With Hidden Backdoors Discovered

Jetstream and Wavlink routers have been detected to contain hidden backdoors that allow remote code execution and tries to connect Mirai botnet.

Routers With Hidden Backdoors Discovered

Researchers (Mantas Sasnauskas, James Clee and Roni Carta) have discovered malicious backdoors on multiple Chinese-made WiFi routers sold on Walmart, Amazon and eBay. The hidden backdoor on these devices gives an attacker remote code execution capability through a nicely designed GUI built for this purpose.

Researchers declare that the first of these vulnerable routers is a Walmart-exclusive router branded as Jetstream. The second router to have contained the similar vulnerability is announced as the Wavlink router, that is being sold on Amazon and eBay. Wavlink routers have also been detected to contain a malicious script that lists nearby WiFi networks and have the capability to connect them.

As the researcher declare, both the Jetstream and Wavlink routers even have a separate GUI for their backdoors that enable the attackers to run a system command as root. However, the backdoor is also accessible by attackers without a GUI. Through the hidden backdoor, an attacker can discover the username and password for the router by inspecting the JavaScript code in the admin page’s HTML.

What is more, the researchers found evidence that the discovered backdoors are being actively exploited in an attempt to add these devices to a Mirai botnet.

You can watch the video shared by the researchers to learn more about the discovered vulnerabilities on these devices.

Hidden Backdoor on Multiple WiFi Routers

You can also read our article How to Secure Your Home WiFi Router in 15 Simple Steps? to learn more about WiFi router security.