We recently acquired an AC1900 11ac Smart Dual-band Gigabit WiFi Router (AC18) and decided to audit its security. We found what we thought was a 0-day, until we saw someone previously discovered and reported it. In addition we found a weird IPTables rule that allows a specific WAN IP to connect to “internal management ports” of the device. This weird behavior makes us wonder: is this a vendor backdoor or something more serious?

The Basics

We begin the audit as all Internet of Things (IoT) audits should: download the firmware, extract, and enumerate the attack surface. The firmware is located at, and “AC18 Firmware V15.03.05.05_EN” is the newest and vulnerable version. The downloaded file is compressed via RAR and extracts to US_AC18V1.0BR_V15.03.05.05_multi_TD01.bin.