Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Router Default Password with Cable Connection


  • Please log in to reply
9 replies to this topic

#1 willywolf

willywolf

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 14 September 2015 - 07:05 PM

Hi,

if hackers detect your router admin panel password, but you browse only via cable and don't use Windows network file sharing, what can they do? Can they still steal your passwords, personal information or somehow access your home PC devices? If you browse only via cable, but the router wireless radio button has been accidentally activated, can they do anything? Thank you and let me know



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 15 September 2015 - 11:52 AM

Depends on the kind of router.

 

Is this a general question, or do you have a specific router in mind?


Edited by Didier Stevens, 15 September 2015 - 12:23 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 willywolf

willywolf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 15 September 2015 - 05:22 PM

It's a general question, just to know. Can you please explain better what you mean when you say it depends on the kind of router?



#4 Riemann

Riemann

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 16 September 2015 - 01:19 AM

Different routers have different vulnerabilities and weaknesses, and also different architectures. If we're just talking admin panel password, then it really depends on the functionality of the admin panel and what vulnerabilities are present in the code. 

 

For example, let's say you're looking at a router like the TRENDnet TEW-812DRU, and find that it's vulnerable to command execution through a SQL injection vulnerability, which ultimately allows an attacker to gain root privileges on the router. 

 

From there the attacker could, for example, add false DNS entries to re-route traffic destined for Gmail, your bank, Facebook, etc to any address she'd like. By forcing you to browse her custom site she could attempt to fool you to logging into a spoofed version of one of these sites to steal your credentials or try to exploit your machine through your browser (e.g. angler exploit kit).

 

Instead of redirecting your traffic, she could also start injecting JavaScript into unencrypted HTTP traffic and you'd probably never even know it happened. She could use that to install malware through something like a drive-by download, or maybe just run a JavaScript keylogger within the context of a login page that redirects from HTTP to HTTPS.

 

Since our hypothetical router is running Linux, the attacker may also be able to use something like TCP dump to start recording all of your unencrypted traffic looking for interesting information like credit card numbers, passwords, etc. Or she could make matters easier and SSL-strip/MiTM your HTTPS traffic so that it's all sent in plaintext. That would allow her to steal all of your credit card info, passwords, etc without having to worry about whether or not it's encrypted. If nothing else, she could use the router as a bridge onto your local network to attack the devices that are connected to it.

 

Of course this is all hypothetical, since I haven't actually rooted a router to have a look around, but I think all of this is well within the range of possibility. For example, here's this: https://securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php (the TRENDnet TEW-812DRU is specifically vulnerable to a command injection technique like this).



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 16 September 2015 - 12:54 PM

It's a general question, just to know. Can you please explain better what you mean when you say it depends on the kind of router?

 

Well, in your title you mention a default password (although you don't mention that in your post). So that means everybody can have access to the router, no exploits are required.

 

There are routers that have the functionality to capture network traffic, and there are routers that don't have that functionality.

Capturing unencrypted network traffic is a way to steal passwords, PII, ...


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 willywolf

willywolf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 16 September 2015 - 02:58 PM

Even if the router works only in ethernet mode and the wi-fi network hasn't been configured?



#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 16 September 2015 - 03:08 PM

What do you mean with "ethernet mode"? That you connect to the router via a network cable?


Edited by Didier Stevens, 16 September 2015 - 03:09 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 willywolf

willywolf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 16 September 2015 - 03:15 PM

Yes, only via cable.



#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 16 September 2015 - 03:24 PM

Yes, if the router has a default password and has a network interface with a public IP address (e.g. connected to the Internet), then it is accessible to everybody.

Unless it offers no management console on the network interface facing the Internet.

 

Ethernet or Wifi doesn't make a difference for this scenario.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 Riemann

Riemann

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 16 September 2015 - 03:26 PM

You can test it out... open a browser and type the address for the router (usually 192.168.0.1:80 for residential) and see if the admin panel loads. If it doesn't work that way, you might try https:// in front of the address. If you don't know the address, open a command prompt/terminal and type the following: Windows: ipconfig /all Linux/OS X: netstat -nr Look for the following: Windows: value for "Default Gateway" Linux/OS X: value under "Gateway" If the admin is available from the inside (when you're wired to it), then there's a chance it's also listening on the external port and is available if someone know's the public IP of the device (or has already fingerprinted it, using something like Shodan).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users