Skip to content

Instantly share code, notes, and snippets.

@KOLANICH KOLANICH/Backdoors.mediawiki Secret
Last active Feb 4, 2019

Embed
What would you like to do?
The incomplete list of backdoors

Table of Contents

List of vendor-shipped backdoors

About this list

Here is the incomplete (only a tip of the iceberg) list of vendor-shipped vulnerabilities and potentially unwanted software which are likely to be and often considered by the security researchers who have discovered them, and sometimes even by its developers as backdoors, based on third-party reports (usually cybersecurity companies and independent researchers). The date indicates the earliest date (if you find an earlier date please replace it) relating to that backdoor. It may be either a report date, or the date mentioned in the report by the researcher(s) who have discovered the backdoor, or the date of the earliest firmware version it was reported the backdoor is present. Then follows the list of names of companies who developed the relevant parts device since it may be impossible to determine which one is liable for the backdoor. When a company is unknown '?' sign is used. Near a company name the flag of the state the company is affiliated to is placed. The state is determined either based on corresponding Wikipedia articles, companies official websites, companies registries with addresses. It is a pretty widespread practice of companies being registered in the state other than the one they operating, so if it is known that the company contains mostly of citizens of some state, flag of that state can also be used. If company name is unknown, but in the report the state of origin is speculated the flag near '?' sign is put. The last column contains references, searcheable strings, keywords, reference links and other details maynbe useful to find more information about a backdoor to make your own opinion.

strange_strings present in the last column follow 3 purposes:
1 they are pretty unique and can be used to find more info about the backdoor.
2 hence that they are pretty searcheable and can be used to locate the same backdoor in different devices of different companies

login:password are backdoor accounts, which are often hardcoded.

The list

Date Brand or its holder OEM/manufacturer/foundry Firmware vendor Component vendor Details
2018 ๐Ÿ‡บ๐Ÿ‡ธ Staples Inc., Linksys ๐Ÿ‡บ๐Ÿ‡ธ Zonoff, Inc ? ? Staples Connect / Linksys Zonoff root:oemroot [1]
2018-03-08 ๐Ÿ‡ซ๐Ÿ‡ทSchneider Electric ? ? ? [2], ICSA-19-031-01[3], CVE-2018-7800[4]
2018-02-15 ๐Ÿ‡บ๐Ÿ‡ธAruba Networks ? ? ? [5], CVE-2018-7080 [6]
2018-01 ๐Ÿ‡น๐Ÿ‡ผ Moxa Inc. ? ? ? [7], CVE-2018-18395[8]
2018 ๐Ÿ‡บ๐Ÿ‡ธ Cisco ? ? ? CVE-2018-0141[9][10] , CVE-2018-0087[11][12]
2017-10-10 ๐Ÿ‡จ๐Ÿ‡ณ OnePlus ? ? ? OnePlus [13][14]
2017-09-25 ๐Ÿ‡บ๐Ÿ‡ธ FLIR Systems, Inc. ? ? ? FC-334-NTSC, FC-Series ID, FC-Series R, PT-334 200562, D-Series, F-Series root:indigo root:video default:video default: [15] [16]
2017-08-18 ๐Ÿ‡บ๐Ÿ‡ธ Netgear ๐Ÿ‡จ๐Ÿ‡ณ Foxconn ? ? genie[17][18][19]
2017-07-27 ๐Ÿ‡จ๐Ÿ‡ณ multiple ? ๐Ÿ‡จ๐Ÿ‡ณ ? ? Android.Triada.231[20][21]
2017-07-17 - - - ๐Ÿ‡จ๐Ÿ‡ณ NetSarang Backdoor.Win32.ShadowPad.a DOOR[22][23]
2017-04-17 ๐Ÿ‡จ๐Ÿ‡ณ Hikvision ? ? ? DS-2CD2xx2F-I DS-2CD2xx0F-I DS-2CD2xx2FWD DS-2CD4x2xFWD DS-2CD4xx5 DS-2DFx DS-2CD63xx [24] [25] [26] CVE-2017-7921[27]
2017-03-05 ๐Ÿ‡จ๐Ÿ‡ณ Dahua ? ? ? DH-IPC-HDW23A0RN-ZS DH-IPC-HDBW23A0RN-ZS DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DHI-HCVR51A04HE-S3 DHI-HCVR51A08HE-S3 DHI-HCVR58A32S-S2 , Gen 2, Gen 3 [28] [29] [30]
2017-03-02 ๐Ÿ‡จ๐Ÿ‡ณ DBLTek ? ? ? DBLTek GoIP dbladm[31][32][33]
2016-12-10 ๐Ÿ‡จ๐Ÿ‡ณ Lenovo ? ? ? Android.Sprovider.12.origin, Android.Sprovider.7 [34][35][36]
2016-12-06 ๐Ÿ‡ฏ๐Ÿ‡ต Sony ? ? ? Sony IPELA Engine IP Camera himitunokagi(japanese "secret key") cPoq2fi4cFk zKw2hEr9 primana:primana [37][38]
2016-11-1u multiple ? ? ๐Ÿ‡จ๐Ÿ‡ณ Ragentek oyag.lhzbdvm.com lhzbdvm prugskh debugs[39][40]
๐Ÿ‡จ๐Ÿ‡ณ ? ? ? ? [41]
2016-11-15 multiple: ๐Ÿ‡บ๐Ÿ‡ธ[42]BLU Products, ๐Ÿ‡จ๐Ÿ‡ณ[43]Cubot, ๐Ÿ‡ง๐Ÿ‡ฉ Walton, ๐Ÿ‡จ๐Ÿ‡ณ[44]Ulefone, ๐Ÿ‡ต๐Ÿ‡ฐQMobile, ๐Ÿ‡ฏ๐Ÿ‡ตPanasonic, ๐Ÿ‡ณ๐Ÿ‡ตColors Mobile, etc... ? ๐Ÿ‡จ๐Ÿ‡ณ [42]Adups ? com.adups.fota bigdata.adups.com com.fw.upgrade.sysoper rebootv5.adsunflower.com [45][46] [47] [42]
2016-09-13 ๐Ÿ‡จ๐Ÿ‡ณ Xiaomi ? ? ? com.miui.analytics lastusefulversion [48][49]
2016-07-28 ๐Ÿ‡จ๐Ÿ‡ณ TP-Link ? ? ? HS110 Smart Home Protocol & Device Debug Protocol admin:admin + crippled crypto [50] [51]
2016 ๐Ÿ‡บ๐Ÿ‡ธ Century Link ๐Ÿ‡น๐Ÿ‡ผ Zyxel ? ? PK5001Z 2.6.20.19 admin:CenturyL1nk, root:zyad5001 [52][53] CVE-2016-10401[54]
2016 Many ๐Ÿ‡จ๐Ÿ‡ณ Hangzhou Xiongmai Technology Co., Ltd. ? ? default:tluafed default:OxhlwSG8 [55], [56], [57]
2016-02-12 ๐Ÿ‡น๐Ÿ‡ผ D-Link ? ? ? CVE-2018-6210[58]
2016-01-25 ๐Ÿ‡จ๐Ÿ‡ณ Lenovo ? ? ? Shareit 12345678 [59][60] , CVE-2016-1491 [61], CVE-2016-1490 [62]
2016-01-09 ๐Ÿ‡บ๐Ÿ‡ธ FortiNet ? ? ? FGTAbc11*xy+Qqz27[63][64][65] , CVE-2016-1909[66]
2015-12-18 ๐Ÿ‡บ๐Ÿ‡ธ Juniper ? ? ? CVE-2015-7755[67] <<< %s(un='%s') = %u [68]
2015-11-19 ๐Ÿ‡ฌ๐Ÿ‡ง Arris ? ? ? nested[69]
2015-09-26 ๐Ÿ‡จ๐Ÿ‡ณ ? ? ? ? root:123456 [70]
2015-09-02 Gynoii ? ? ? guest:guest guest:12345 [71], CVE-2015-2881[72]
2015-09-02 Lens Laboratories(f) ? ? ? Peek-a-view LL-BC01W admin:2601hx user:user guest:guest [73], [74][75][76], CVE-2015-2885[77]
2015-09-02 ๐Ÿ‡ณ๐Ÿ‡ฑ Philips Electronics N.V. ? ? ? Philips In.Sight M100 admin:M100-4674448 user:M100-4674448 admin:imd5(10 first chars of MAC) mg3500:merlin admin:/ADMIN/ [78] [79], CVE-2015-2882[80]
2015-09-02 ๐Ÿ‡บ๐Ÿ‡ธ / ๐Ÿ‡จ๐Ÿ‡ณ iBaby Labs, Inc. ? ? ? iBaby M3S admin:admin [81], CVE-2015-2887[82]
2015-09-02 ๐Ÿ‡บ๐Ÿ‡ธ Summer Infant Inc. ? ? ? 1 http://www.nbcnewyork.com/news/local/Baby-Monitor- Security-Research-324169831.htmlMsC@dm1n!:Auth3nt1c@T3[83] [84]; 2 [85], CVE-2015-2888[86]
2015-08-30 ? ? ? ๐Ÿ‡จ๐Ÿ‡ณ ? MVPower JUAN-Device lawishere@yeah.net [87] [88]
2015-06-30 ๐Ÿ‡จ๐Ÿ‡ณ Allwinner ? ? ? rootmydevice[89][90], CVE-2016-10225[91]
2015 ๐Ÿ‡บ๐Ÿ‡ธ Supermicro ๐Ÿ‡จ๐Ÿ‡ณ ? ? Hardware backdoor via an additional disguised chip on servsr mainboards [92][93]
2015-05-?? ๐Ÿ‡จ๐Ÿ‡ณ Lenovo ? ? ? BIOS backdoor using Windows Platform Binary Table [94][95]
2015-02-12 ๐Ÿ‡บ๐Ÿ‡ธ Grandstream ๐Ÿ‡จ๐Ÿ‡ณ ? ? ? gshz a50ba3e905c0627eb0a204d82880fb46 sfTXrhCA2010 dspg_cordless_config [96] [97][98][99]
2015-01 ๐Ÿ‡ท๐Ÿ‡บ๐Ÿ‡จ๐Ÿ‡ณ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ง๐Ÿ‡พ๐Ÿ‡ฎ๐Ÿ‡ท... multiple... ? ? ๐Ÿ‡จ๐Ÿ‡ณ ? Cosiloon[100], Android.DownLoader.473.origin com.google.e<Something>Service[101][102]
2015-01-14 ๐Ÿ‡จ๐Ÿ‡ณ Dahua ? ? ? admin:7ujMko0<hardcoded[103] password to web interface>[104][105][106], [107][108]
2014-12-18 ๐Ÿ‡จ๐Ÿ‡ณYulong ? ? ? CoolReaper coolyun.com 51Coolpad.com 3.142.37.149 com.android.update.dmp persyst.sys.presetota.flag BackDoorManager processBackDoor [109][110][111]
2014-09-23 ๐Ÿ‡ฌ๐Ÿ‡ง Arris, ๐Ÿ‡บ๐Ÿ‡ธ Motorolla ? ? ? technician yZgO8Bvj [112][113]
2014-09-21 ๐Ÿ‡จ๐Ÿ‡ณ Lenovo ? ? ? SuperFish[114][115][116][117][118][119][120][121][122]
2014-09-13 ๐Ÿ‡จ๐Ÿ‡ณ Nexx ? ? ? Nexx WT1520H nexxadmin:y1n2inc.com0755 [123][124][125][126]
2014-08-25 ๐Ÿ‡จ๐Ÿ‡ณ Netis/ ๐Ÿ‡จ๐Ÿ‡ณ Netcore ๐Ÿ‡จ๐Ÿ‡ณ Netcore ? ? Netis/Netcore 53413 netcore[127][128]
2014-08-19 ๐Ÿ‡จ๐Ÿ‡ณ Huawei ? ? ? Huawei zzfdfwetljioi34004t50jodjgkjgjiyte894uifdug89h98y3hjhgjdgjuihjqq admin:HW4GCPE[129][130]
2014-08-07 ๐Ÿ‡จ๐Ÿ‡ณ Xiaomi ? ? ? api.account.xiaomi.com[131][132]
2014-07-?? ๐Ÿ‡น๐Ÿ‡ผ D-Link, ๐Ÿ‡บ๐Ÿ‡ธ WD ๐Ÿ‡น๐Ÿ‡ผ D-Link ? ? mydlinkBRionyg:abc12345cba[133][134]
2014-06-16 ๐Ÿ‡จ๐Ÿ‡ณ Star ? ? ? Android.Trojan.Uupay.D [135][136]
2014-03-31 ๐Ÿ‡จ๐Ÿ‡ณ ? ? ? ๐Ÿ‡จ๐Ÿ‡ณ Goohy Trojan.AndroidOS.Uupay.a[137]
2014-02-03 ๐Ÿ‡จ๐Ÿ‡ณ ZTE ? ? ? admin:<last 4 hex digits of MAC address>airocon[138][139][140], CVE-2014-0329[141][142]
2014-01-28 ๐Ÿ‡ฐ๐Ÿ‡ท Samsung ? ? ? baseband backdoor [143][144]
2014-01-10 ๐Ÿ‡บ๐Ÿ‡ธ Cisco ? ? ? CVE-2014-0659[145][146]
2013-12-31 ๐Ÿ‡บ๐Ÿ‡ธ Linksys, ๐Ÿ‡บ๐Ÿ‡ธ Netgear, ๐Ÿ‡บ๐Ÿ‡ธ Cisco, ๐Ÿ‡บ๐Ÿ‡ธ Diamond Multimedia ? ๐Ÿ‡น๐Ÿ‡ผ SerComm ? ScMM[147][148] , CVE-2014-0659[149]
2013-10-24 ๐Ÿ‡บ๐Ÿ‡ธStem Innovation (Iconoscope) ? ? ? root[150][151][152]
2013-10-17 ๐Ÿ‡จ๐Ÿ‡ณ Tenda & Medialink ? ? ? Tenda & Medialink w302r_mfg[153][154]
2013-07-11 ๐Ÿ‡บ๐Ÿ‡ธ HP ? ? ? HP D2D/StorOnce HPSupport:badg3r5[155][156][157], [158]
2013-07-02 ๐Ÿ‡บ๐Ÿ‡ธ HP ? ? ? RedHook LHN 4.1 SKEY 20030101 - Kelly [159][160] , CVE-2013-2352[161]
2013-04-30 ๐Ÿ‡น๐Ÿ‡ผ D-Link ? ? ? Alphanetworks:wrg_<something>_<router model name>[162][163], CVE-2017-14421[164]
? ๐Ÿ‡จ๐Ÿ‡ณ TP-Link ? ? ? userRpmNatDebugRpm26525557 osteam:5up linux_cmdline.html[165][166][167]
2013-02-12 ๐Ÿ‡จ๐Ÿ‡ณ TP-Link ? ? ? userRpmNatDebugRpm26525557 [168] and start_art.html nart.out[169]
2012-11-26 ๐Ÿ‡ฐ๐Ÿ‡ท Samsung, ๐Ÿ‡บ๐Ÿ‡ธ Dell ๐Ÿ‡ฐ๐Ÿ‡ท Samsung ? ? s!a@m#n$p%c[170][171][172][173], CVE-2012-4964[174]
2012-11-20 ๐Ÿ‡บ๐Ÿ‡ธ Barracuda Networks ? ? ? [175]
2012-05-10 ๐Ÿ‡จ๐Ÿ‡ณ ZTE ? ? ? ZTE sync_agent ztex1609523[176][177], CVE-2012-2949[178]
2012-04-23 ๐Ÿ‡บ๐Ÿ‡ธ RuggedCom ? ? ? factory 999999929 [179][180][181][182], CVE-2012-1803[183], CVE-2012-2441[184]
2012-03-21 ๐Ÿ‡บ๐Ÿ‡ธ AT&T ๐Ÿ‡บ๐Ÿ‡ธ Cisco[185] ? ? BackdoorPacketCmdLine_req 234.2.2.7 [186][187]
2012-01-23 ๐Ÿ‡ซ๐Ÿ‡ทSchneider Electric, ๐Ÿ‡ฉ๐Ÿ‡ช WAGO Kontakttechnik and other ? ? ๐Ÿ‡ฉ๐Ÿ‡ช 3-S Smart Software Solutions CVE-2011-4859[188] , CVE-2012-4879[189], [190][191],[192][193][194][195]
2011-12-26 ๐Ÿ‡บ๐Ÿ‡ธ Intel ? ๐Ÿ‡จ๐Ÿ‡ณ ? ? Chinese-manufactured Intel server mainboards[196]
2011-09-15 ๐Ÿ‡น๐Ÿ‡ผ D-Link ? ? ? xmlset_roodkcableoj28840ybtide[197][198][199], CVE-2013-6026[200][201]
2010 ๐Ÿ‡บ๐Ÿ‡ธ Trendnet ? ? ? TV-IP110W TV-IP110WN TV-IP322P TV-IP110WN TV-IP410 TV-IP121W TV-IP410W TV-IP121WN TV-IP410WN TV-IP121WN TV-IP422 TV-IP212 TV-IP422W TV-IP212W TV-IP422WN TV-IP252P TV-VS1 TV-IP312 TV-VS1P netcam [202] [203] [204]
2009? ๐Ÿ‡ฌ๐Ÿ‡ง Arris ? ? ? MPSJKMDHAI[205][206][207][208][209]

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You canโ€™t perform that action at this time.