Here is the incomplete (only a tip of the iceberg) list of vendor-shipped vulnerabilities and potentially unwanted software which are likely to be and often considered by the security researchers who have discovered them, and sometimes even by its developers as backdoors, based on third-party reports (usually cybersecurity companies and independent researchers). The date indicates the earliest date (if you find an earlier date please replace it) relating to that backdoor. It may be either a report date, or the date mentioned in the report by the researcher(s) who have discovered the backdoor, or the date of the earliest firmware version it was reported the backdoor is present. Then follows the list of names of companies who developed the relevant parts device since it may be impossible to determine which one is liable for the backdoor. When a company is unknown '?' sign is used. Near a company name the flag of the state the company is affiliated to is placed. The state is determined either based on corresponding Wikipedia articles, companies official websites, companies registries with addresses. It is a pretty widespread practice of companies being registered in the state other than the one they operating, so if it is known that the company contains mostly of citizens of some state, flag of that state can also be used. If company name is unknown, but in the report the state of origin is speculated the flag near '?' sign is put. The last column contains references, searcheable strings, keywords, reference links and other details maynbe useful to find more information about a backdoor to make your own opinion.
strange_strings present in the last column follow 3 purposes:
1 they are pretty unique and can be used to find more info about the backdoor.
2 hence that they are pretty searcheable and can be used to locate the same backdoor in different devices of different companies
login:password are backdoor accounts, which are often hardcoded.
| Date | Brand or its holder | OEM/manufacturer/foundry | Firmware vendor | Component vendor | Details |
|---|---|---|---|---|---|
| 2018 | ๐บ๐ธ Staples Inc., Linksys | ๐บ๐ธ Zonoff, Inc | ? | ? |
Staples Connect / Linksys Zonoff root:oemroot [1]
|
| 2018-03-08 | ๐ซ๐ทSchneider Electric | ? | ? | ? | [2], ICSA-19-031-01[3], CVE-2018-7800[4] |
| 2018-02-15 | ๐บ๐ธAruba Networks | ? | ? | ? | [5], CVE-2018-7080 [6] |
| 2018-01 | ๐น๐ผ Moxa Inc. | ? | ? | ? | [7], CVE-2018-18395[8] |
| 2018 | ๐บ๐ธ Cisco | ? | ? | ? | CVE-2018-0141[9][10] , CVE-2018-0087[11][12] |
| 2017-10-10 | ๐จ๐ณ OnePlus | ? | ? | ? | OnePlus [13][14] |
| 2017-09-25 | ๐บ๐ธ FLIR Systems, Inc. | ? | ? | ? |
FC-334-NTSC, FC-Series ID, FC-Series R, PT-334 200562, D-Series, F-Series root:indigo root:video default:video default: |
| 2017-08-18 | ๐บ๐ธ Netgear | ๐จ๐ณ Foxconn | ? | ? |
genie[17][18][19]
|
| 2017-07-27 | ๐จ๐ณ multiple | ? | ๐จ๐ณ ? | ? | Android.Triada.231[20][21] |
| 2017-07-17 | - | - | - | ๐จ๐ณ NetSarang |
Backdoor.Win32.ShadowPad.a DOOR[22][23]
|
| 2017-04-17 | ๐จ๐ณ Hikvision | ? | ? | ? | DS-2CD2xx2F-I DS-2CD2xx0F-I DS-2CD2xx2FWD DS-2CD4x2xFWD DS-2CD4xx5 DS-2DFx DS-2CD63xx [24] [25] [26] CVE-2017-7921[27] |
| 2017-03-05 | ๐จ๐ณ Dahua | ? | ? | ? | DH-IPC-HDW23A0RN-ZS DH-IPC-HDBW23A0RN-ZS DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DHI-HCVR51A04HE-S3 DHI-HCVR51A08HE-S3 DHI-HCVR58A32S-S2 , Gen 2, Gen 3 [28] [29] [30] |
| 2017-03-02 | ๐จ๐ณ DBLTek | ? | ? | ? |
DBLTek GoIP dbladm[31][32][33]
|
| 2016-12-10 | ๐จ๐ณ Lenovo | ? | ? | ? | Android.Sprovider.12.origin, Android.Sprovider.7 [34][35][36] |
| 2016-12-06 | ๐ฏ๐ต Sony | ? | ? | ? |
Sony IPELA Engine IP Camera himitunokagi(japanese "secret key") cPoq2fi4cFk zKw2hEr9 primana:primana [37][38]
|
| 2016-11-1u | multiple | ? | ? | ๐จ๐ณ Ragentek |
oyag.lhzbdvm.com lhzbdvm prugskh debugs[39][40]
|
| ๐จ๐ณ | ? | ? | ? | ? | [41] |
| 2016-11-15 | multiple: ๐บ๐ธ[42]BLU Products, ๐จ๐ณ[43]Cubot, ๐ง๐ฉ Walton, ๐จ๐ณ[44]Ulefone, ๐ต๐ฐQMobile, ๐ฏ๐ตPanasonic, ๐ณ๐ตColors Mobile, etc... | ? | ๐จ๐ณ [42]Adups | ? |
com.adups.fota bigdata.adups.com com.fw.upgrade.sysoper rebootv5.adsunflower.com [45][46] [47] [42]
|
| 2016-09-13 | ๐จ๐ณ Xiaomi | ? | ? | ? |
com.miui.analytics lastusefulversion [48][49]
|
| 2016-07-28 | ๐จ๐ณ TP-Link | ? | ? | ? |
HS110 Smart Home Protocol & Device Debug Protocol admin:admin + crippled crypto [50] [51]
|
| 2016 | ๐บ๐ธ Century Link | ๐น๐ผ Zyxel | ? | ? |
PK5001Z 2.6.20.19 admin:CenturyL1nk, root:zyad5001 [52][53] CVE-2016-10401[54]
|
| 2016 | Many | ๐จ๐ณ Hangzhou Xiongmai Technology Co., Ltd. | ? | ? |
default:tluafed default:OxhlwSG8 [55], [56], [57]
|
| 2016-02-12 | ๐น๐ผ D-Link | ? | ? | ? | CVE-2018-6210[58] |
| 2016-01-25 | ๐จ๐ณ Lenovo | ? | ? | ? |
Shareit 12345678 [59][60] , CVE-2016-1491 [61], CVE-2016-1490 [62]
|
| 2016-01-09 | ๐บ๐ธ FortiNet | ? | ? | ? |
FGTAbc11*xy+Qqz27[63][64][65] , CVE-2016-1909[66]
|
| 2015-12-18 | ๐บ๐ธ Juniper | ? | ? | ? |
CVE-2015-7755[67] <<< %s(un='%s') = %u [68]
|
| 2015-11-19 | ๐ฌ๐ง Arris | ? | ? | ? | nested[69] |
| 2015-09-26 | ๐จ๐ณ ? | ? | ? | ? |
root:123456 [70]
|
| 2015-09-02 | Gynoii | ? | ? | ? |
guest:guest guest:12345 [71], CVE-2015-2881[72]
|
| 2015-09-02 | Lens Laboratories(f) | ? | ? | ? |
Peek-a-view LL-BC01W admin:2601hx user:user guest:guest [73], [74][75][76], CVE-2015-2885[77]
|
| 2015-09-02 | ๐ณ๐ฑ Philips Electronics N.V. | ? | ? | ? |
Philips In.Sight M100 admin:M100-4674448 user:M100-4674448 admin:imd5(10 first chars of MAC) mg3500:merlin admin:/ADMIN/ [78] [79], CVE-2015-2882[80]
|
| 2015-09-02 | ๐บ๐ธ / ๐จ๐ณ iBaby Labs, Inc. | ? | ? | ? |
iBaby M3S admin:admin [81], CVE-2015-2887[82]
|
| 2015-09-02 | ๐บ๐ธ Summer Infant Inc. | ? | ? | ? |
1 http://www.nbcnewyork.com/news/local/Baby-Monitor-
Security-Research-324169831.htmlMsC@dm1n!:Auth3nt1c@T3[83] [84]; 2 [85], CVE-2015-2888[86]
|
| 2015-08-30 | ? | ? | ? | ๐จ๐ณ ? |
MVPower JUAN-Device lawishere@yeah.net [87] [88]
|
| 2015-06-30 | ๐จ๐ณ Allwinner | ? | ? | ? |
rootmydevice[89][90], CVE-2016-10225[91]
|
| 2015 | ๐บ๐ธ Supermicro | ๐จ๐ณ | ? | ? | Hardware backdoor via an additional disguised chip on servsr mainboards [92][93] |
| 2015-05-?? | ๐จ๐ณ Lenovo | ? | ? | ? | BIOS backdoor using Windows Platform Binary Table [94][95] |
| 2015-02-12 | ๐บ๐ธ Grandstream | ๐จ๐ณ ? | ? | ? |
gshz a50ba3e905c0627eb0a204d82880fb46 sfTXrhCA2010 dspg_cordless_config [96] [97][98][99]
|
| 2015-01 | ๐ท๐บ๐จ๐ณ๐ฌ๐ง๐ง๐พ๐ฎ๐ท... multiple... | ? | ? | ๐จ๐ณ ? |
Cosiloon[100], Android.DownLoader.473.origin com.google.e<Something>Service[101][102]
|
| 2015-01-14 | ๐จ๐ณ Dahua | ? | ? | ? |
admin:7ujMko0<hardcoded[103] password to web interface>[104][105][106], [107][108]
|
| 2014-12-18 | ๐จ๐ณYulong | ? | ? | ? |
CoolReaper coolyun.com 51Coolpad.com 3.142.37.149 com.android.update.dmp persyst.sys.presetota.flag BackDoorManager processBackDoor [109][110][111]
|
| 2014-09-23 | ๐ฌ๐ง Arris, ๐บ๐ธ Motorolla | ? | ? | ? |
technician yZgO8Bvj [112][113]
|
| 2014-09-21 | ๐จ๐ณ Lenovo | ? | ? | ? | SuperFish[114][115][116][117][118][119][120][121][122] |
| 2014-09-13 | ๐จ๐ณ Nexx | ? | ? | ? |
Nexx WT1520H nexxadmin:y1n2inc.com0755 [123][124][125][126]
|
| 2014-08-25 | ๐จ๐ณ Netis/ ๐จ๐ณ Netcore | ๐จ๐ณ Netcore | ? | ? |
Netis/Netcore 53413 netcore[127][128]
|
| 2014-08-19 | ๐จ๐ณ Huawei | ? | ? | ? |
Huawei zzfdfwetljioi34004t50jodjgkjgjiyte894uifdug89h98y3hjhgjdgjuihjqq admin:HW4GCPE[129][130]
|
| 2014-08-07 | ๐จ๐ณ Xiaomi | ? | ? | ? |
api.account.xiaomi.com[131][132]
|
| 2014-07-?? | ๐น๐ผ D-Link, ๐บ๐ธ WD | ๐น๐ผ D-Link | ? | ? |
mydlinkBRionyg:abc12345cba[133][134]
|
| 2014-06-16 | ๐จ๐ณ Star | ? | ? | ? |
Android.Trojan.Uupay.D [135][136]
|
| 2014-03-31 | ๐จ๐ณ ? | ? | ? | ๐จ๐ณ Goohy |
Trojan.AndroidOS.Uupay.a[137]
|
| 2014-02-03 | ๐จ๐ณ ZTE | ? | ? | ? |
admin:<last 4 hex digits of MAC address>airocon[138][139][140], CVE-2014-0329[141][142]
|
| 2014-01-28 | ๐ฐ๐ท Samsung | ? | ? | ? | baseband backdoor [143][144] |
| 2014-01-10 | ๐บ๐ธ Cisco | ? | ? | ? | CVE-2014-0659[145][146] |
| 2013-12-31 | ๐บ๐ธ Linksys, ๐บ๐ธ Netgear, ๐บ๐ธ Cisco, ๐บ๐ธ Diamond Multimedia | ? | ๐น๐ผ SerComm | ? |
ScMM[147][148] , CVE-2014-0659[149]
|
| 2013-10-24 | ๐บ๐ธStem Innovation (Iconoscope) | ? | ? | ? |
root[150][151][152]
|
| 2013-10-17 | ๐จ๐ณ Tenda & Medialink | ? | ? | ? |
Tenda & Medialink w302r_mfg[153][154]
|
| 2013-07-11 | ๐บ๐ธ HP | ? | ? | ? |
HP D2D/StorOnce HPSupport:badg3r5[155][156][157], [158]
|
| 2013-07-02 | ๐บ๐ธ HP | ? | ? | ? |
RedHook LHN 4.1 SKEY 20030101 - Kelly [159][160] , CVE-2013-2352[161]
|
| 2013-04-30 | ๐น๐ผ D-Link | ? | ? | ? |
Alphanetworks:wrg_<something>_<router model name>[162][163], CVE-2017-14421[164]
|
| ? | ๐จ๐ณ TP-Link | ? | ? | ? |
userRpmNatDebugRpm26525557 osteam:5up linux_cmdline.html[165][166][167]
|
| 2013-02-12 | ๐จ๐ณ TP-Link | ? | ? | ? |
userRpmNatDebugRpm26525557 [168] and start_art.html nart.out[169]
|
| 2012-11-26 | ๐ฐ๐ท Samsung, ๐บ๐ธ Dell | ๐ฐ๐ท Samsung | ? | ? |
s!a@m#n$p%c[170][171][172][173], CVE-2012-4964[174]
|
| 2012-11-20 | ๐บ๐ธ Barracuda Networks | ? | ? | ? | [175] |
| 2012-05-10 | ๐จ๐ณ ZTE | ? | ? | ? |
ZTE sync_agent ztex1609523[176][177], CVE-2012-2949[178]
|
| 2012-04-23 | ๐บ๐ธ RuggedCom | ? | ? | ? |
factory 999999929 [179][180][181][182], CVE-2012-1803[183], CVE-2012-2441[184]
|
| 2012-03-21 | ๐บ๐ธ AT&T | ๐บ๐ธ Cisco[185] | ? | ? |
BackdoorPacketCmdLine_req 234.2.2.7 [186][187]
|
| 2012-01-23 | ๐ซ๐ทSchneider Electric, ๐ฉ๐ช WAGO Kontakttechnik and other | ? | ? | ๐ฉ๐ช 3-S Smart Software Solutions | CVE-2011-4859[188] , CVE-2012-4879[189], [190][191],[192][193][194][195] |
| 2011-12-26 | ๐บ๐ธ Intel | ? | ๐จ๐ณ ? | ? | Chinese-manufactured Intel server mainboards[196] |
| 2011-09-15 | ๐น๐ผ D-Link | ? | ? | ? |
xmlset_roodkcableoj28840ybtide[197][198][199], CVE-2013-6026[200][201]
|
| 2010 | ๐บ๐ธ Trendnet | ? | ? | ? |
TV-IP110W TV-IP110WN TV-IP322P TV-IP110WN TV-IP410 TV-IP121W TV-IP410W TV-IP121WN TV-IP410WN TV-IP121WN TV-IP422 TV-IP212 TV-IP422W TV-IP212W TV-IP422WN TV-IP252P TV-VS1 TV-IP312 TV-VS1P netcam [202] [203] [204]
|
| 2009? | ๐ฌ๐ง Arris | ? | ? | ? |
MPSJKMDHAI[205][206][207][208][209]
|