Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS commands with root privileges via a hardcoded root password.
Tao Sauvage, a Security Consultant with IOActive Labs purchased the device, a BHU WiFi router he nicknamed “uRouter” on a recent trip to China. The device’s web interface was in Chinese but after he opened the router, he was able to extract its firmware, get shell access and analyze its code. Once in, Sauvage reverse engineered some binaries and discovered that there were three different ways to gain administrative access to the router’s web interface.