@KOLANICH KOLANICH/Backdoors.mediawiki Secret

Last active Feb 4, 2019
The incomplete list of backdoors
= List of vendor-shipped backdoors =
== About this list ==
This is an incomplete list (only the [[wiktionary:tip of the iceberg|tip of the iceberg]]) of vendor-shipped [[Vulnerability|vulnerabilities]] and [[potentially unwanted software]] that are likely to be [[backdoor]]s and are often considered as such by the security researchers who discovered them, and sometimes even by their developers. It is based on third-party reports (usually from cybersecurity companies and independent researchers). The date is the earliest date relating to that backdoor (if you find an earlier date, please replace it). It may be a report date, the date mentioned in the report by the researcher(s) who discovered the backdoor, or the date of the earliest firmware version in which the backdoor was reported to be present. Next come the names of the companies that developed the relevant parts of the device, since it may be impossible to determine which one is liable for the backdoor. When a company is unknown, a '?' sign is used. The flag of the state the company is affiliated with is placed next to the company name. The state is determined from the corresponding [[Wikipedia]] articles, the companies' official websites, or company registries with addresses. It is a fairly widespread practice for companies to be registered in a state other than the one they operate in, so if a company is known to consist mostly of citizens of some state, the flag of that state can also be used. If the company name is unknown but the report speculates about the state of origin, the flag is put next to the '?' sign. The last column contains references, searchable strings, keywords, reference links and other details that may be useful for finding more information about a backdoor and forming your own opinion.
<code>strange_strings</code> present in the last column serve 3 purposes:<br/>
1 they are pretty unique and can be used to find more info about the backdoor.<br/>
2 hence they are easy to search for and can be used to locate the same backdoor in different devices from different companies.<br/>
<code>login</code>:<code>password</code> pairs are backdoor [[account]]s, which are often [[hardcode]]d.
== The list ==
{| class="wikitable"
|-
! Date
! [[Brand]] or its holder
! [[OEM]]/[[manufacturer]]/[[foundry]]
! [[Firmware]] [[vendor]]
! Component [[vendor]]
! Details
|-
| 2018
| 🇺🇸 [[Staples Inc.]], [[Linksys]]
| 🇺🇸 Zonoff, Inc
| ?
| ?
| Staples Connect / Linksys Zonoff <code>root</code>:<code>oemroot</code> <ref>https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20presentations/Heres,%20Etemadieh,%20Baker%20and%20Nielsen%20-%20Updated/DEFCON-22-Heres-Etemadieh-Baker-Nielsen-Hack-All-The-Things-UPDATED.pdf</ref>
|-
| 2018-03-08
| 🇫🇷 [[Schneider Electric]]
| ?
| ?
| ?
| <ref>https://download.schneider-electric.com/files?p_enDocType=Software+-+Release+Notes&p_File_Name=SEVD-2018-354-01_Security+Notification.pdf&p_Doc_Ref=SEVD-2018-354-01</ref>, ICSA-19-031-01<ref>https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01</ref>, CVE-2018-7800<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7800</ref>
|-
| 2018-02-15
| 🇺🇸 [[Aruba Networks]]
| ?
| ?
| ?
| <ref>https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt</ref>, CVE-2018-7080 <ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7080</ref>
|-
| 2018-01
| 🇹🇼 Moxa Inc.
| ?
| ?
| ?
| <ref>https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/</ref>, CVE-2018-18395<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18395</ref>
|-
| 2018
| 🇺🇸 [[Cisco]]
| ?
| ?
| ?
| CVE-2018-0141<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0141</ref><ref>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp CVE-2018-0141</ref> , CVE-2018-0087<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0087</ref><ref>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-wsa</ref>
|-
| 2017-10-10
| 🇨🇳 [[OnePlus]]
| ?
| ?
| ?
| OnePlus <ref>https://www.chrisdcmoore.co.uk/post/oneplus-analytics/</ref><ref>https://forums.oneplus.com/threads/lets-talk-about-oxygenos-analytics.654820/</ref>
|-
| 2017-09-25
| 🇺🇸 FLIR Systems, Inc.
| ?
| ?
| ?
| FC-334-NTSC, FC-Series ID, FC-Series R, PT-334 200562, D-Series, F-Series <code>root</code>:<code>indigo</code> <code>root</code>:<code>video</code> <code>default</code>:<code>video</code> <code>default</code>:<code></code> <ref>https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5436.php</ref> <ref>https://dl.packetstormsecurity.net/1709-exploits/ZSL-2017-5436.txt</ref>
|-
| 2017-08-18
| 🇺🇸 [[Netgear]]
| 🇨🇳 [[Foxconn]]
| ?
| ?
| <code>genie</code><ref>https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-NETGEAR-Routers/</ref><ref>https://kb.netgear.com/000045848/Security-Advisory-for-Password-%20Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677</ref><ref>https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Modem-Routers-PSV-2017-1208</ref>
|-
| 2017-07-27
| 🇨🇳 multiple
| ?
| 🇨🇳 ?
| ?
| Android.Triada.231<ref>https://news.drweb.com/news/?i=11390&lng=en</ref><ref>https://vms.drweb.com/virus/?_is=1&i=15503184</ref>
|-
| 2017-07-17
| -
| -
| -
| 🇨🇳 [[NetSarang]]
| Backdoor.Win32.ShadowPad.a <code>DOOR</code><ref>https://securelist.com/shadowpad-in-corporate-networks/81432/</ref><ref>https://www.netsarang.com/news/security_exploit_in_july_18_2017_build.html</ref>
|-
| 2017-04-17
| 🇨🇳 [[Hikvision]]
| ?
| ?
| ?
| DS-2CD2xx2F-I DS-2CD2xx0F-I DS-2CD2xx2FWD DS-2CD4x2xFWD DS-2CD4xx5 DS-2DFx DS-2CD63xx <ref>https://github.com/bp2008/HikPasswordHelper/blob/master/HikvisionPasswordResetHelper/Main.cs</ref> <ref>https://packetstormsecurity.com/files/144097/Hikvision-IP-Camera-Access-Bypass.html</ref> <ref>https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01</ref> CVE-2017-7921<ref>https://nvd.nist.gov/vuln/detail/CVE-2017-7921</ref>
|-
| 2017-03-05
| 🇨🇳 [[Dahua_(electronics)|Dahua]]
| ?
| ?
| ?
| DH-IPC-HDW23A0RN-ZS DH-IPC-HDBW23A0RN-ZS DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DH-IPC-HDBW13A0SN DH-IPC-HDW13A0SN DH-IPC-HFW13A0SN-W DHI-HCVR51A04HE-S3 DHI-HCVR51A08HE-S3 DHI-HCVR58A32S-S2 , Gen 2, Gen 3 <ref>https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py</ref> <ref>https://seclists.org/fulldisclosure/2017/Mar/7</ref> <ref>https://krebsonsecurity.com/tag/dahua-backdoor/</ref>
|-
| 2017-03-02
| 🇨🇳 [[DBLTek]]
| ?
| ?
| ?
| DBLTek GoIP <code>dbladm</code><ref>https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/</ref><ref>https://github.com/JacobMisirian/DblTekGoIPPwn</ref><ref>https://github.com/1585sec/1585sec.github.io/blob/9faeeda6aede139b28d74d2dce6a8d81f4191cce/_posts/2017-3-3-Backdoor-Gateway.md</ref>
|-
| 2016-12-10
| 🇨🇳 [[Lenovo]]
| ?
| ?
| ?
| Android.Sprovider.12.origin, Android.Sprovider.7 <ref>https://news.drweb.com/show/?i=10345&lng=en</ref><ref>https://vms.drweb.com/virus/?_is=1&i=9011972</ref><ref>https://vms.drweb.com/virus/?_is=1&i=9011970</ref>
|-
| 2016-12-06
| 🇯🇵 [[Sony]]
| ?
| ?
| ?
| Sony IPELA Engine IP Camera <code>himitunokagi</code> (Japanese for "secret key") <code>cPoq2fi4cFk</code> <code>zKw2hEr9</code> <code>primana</code>:<code>primana</code> <ref>https://www.sec-consult.com/en/blog/2016/12/backdoor-in-sony-ipela-engine-ip-cameras/index.html</ref><ref>https://vuldb.com/?id.93966</ref>
|-
| 2016-11-1u
| multiple
| ?
| ?
| 🇨🇳 [[Ragentek]]
| <code>oyag.lhzbdvm.com</code> <code>lhzbdvm</code> <code>prugskh</code> <code>debugs</code><ref>http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack</ref><ref>https://www.kb.cert.org/vuls/id/624539</ref>
|-
| 🇨🇳
| ?
| ?
| ?
| ?
| <ref>https://blog.avast.com/android-device-firmware-cheats-chinese-ad-networks-avast</ref>
|-
| 2016-11-15
| multiple: 🇺🇸<ref name="FTC_complaint"/>[[BLU Products]], 🇨🇳<ref name="cubot_location">https://www.cubot.net/contact/</ref>[[Shenzhen Huafurui Technology Co., Ltd|Cubot]], 🇧🇩 [[Walton Group|Walton]], 🇨🇳<ref name="ulefone_contacts">http://ulefone.com/contact.html</ref>[[Ulefone]], 🇵🇰 [[QMobile]], 🇯🇵 [[Panasonic]], 🇳🇵 [[Colors Mobile]], etc...
| ?
| 🇨🇳 <ref name="FTC_complaint"/>[[ADUPS Technology Co., LTD|Adups]]
| ?
| <code>com.adups.fota</code> <code>bigdata.adups.com</code> <code>com.fw.upgrade.sysoper</code> <code> rebootv5.adsunflower.com</code> <ref>https://www.kryptowire.com/adups_security_analysis.html</ref><ref>https://blog.avast.com/your-android-could-be-sending-messages-to-china</ref> <ref>https://www.blackhat.com/docs/us-17/wednesday/us-17-Johnson-All-Your-SMS-&-Contacts-Belong-To-Adups-&-Others.pdf</ref> <ref name="FTC_complaint">https://www.ftc.gov/system/files/documents/cases/1723025_blu_complaint_4-30-18.pdf</ref>
|-
| 2016-09-13
| 🇨🇳 [[Xiaomi]]
| ?
| ?
| ?
| <code>com.miui.analytics</code> <code>lastusefulversion</code> <ref>http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/</ref><ref>https://www.androidheadlines.com/2016/09/xiaomi-officially-responds-to-recent-backdoor-accusations.html</ref>
|-
| 2016-07-28
| 🇨🇳 [[TP-Link]]
| ?
| ?
| ?
| HS110 Smart Home Protocol & Device Debug Protocol <code>admin</code>:<code>admin</code> + crippled crypto <ref>https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/</ref> <ref>https://github.com/softScheck/tplink-smartplug</ref>
|-
| 2016
| 🇺🇸 [[Century Link]]
| 🇹🇼 [[Zyxel]]
| ?
| ?
| PK5001Z 2.6.20.19 <code>admin</code>:<code>CenturyL1nk</code>, <code>root</code>:<code>zyad5001</code> <ref>https://www.exploit-db.com/exploits/43105/</ref><ref>https://github.com/droberson/rtfm/blob/master/defaults.md</ref> CVE-2016-10401<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10401</ref>
|-
| 2016
| Many
| 🇨🇳 Hangzhou Xiongmai Technology Co., Ltd.
| ?
| ?
| <code>default:tluafed</code> <code>default:OxhlwSG8</code> <ref>https://sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/</ref>, <ref>https://research.google.com/pubs/archive/46301.pdf</ref>, <ref>https://krebsonsecurity.com/2018/10/naming-shaming-web-polluters-xiongmai/</ref>
|-
| 2016-02-12
| 🇹🇼 [[D-Link]]
| ?
| ?
| ?
| CVE-2018-6210<ref>https://securelist.com/backdoors-in-d-links-backyard/85530/</ref>
|-
| 2016-01-25
| 🇨🇳 [[Lenovo]]
| ?
| ?
| ?
| Shareit <code>12345678</code> <ref>https://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities</ref><ref>https://support.lenovo.com/us/en/product_security/len_4058</ref> , CVE-2016-1491 <ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1491</ref>, CVE-2016-1490 <ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1490</ref>
|-
| 2016-01-09
| 🇺🇸 [[FortiNet]]
| ?
| ?
| ?
| <code>FGTAbc11*xy+Qqz27</code><ref>http://seclists.org/fulldisclosure/2016/Jan/26</ref><ref> https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb</ref><ref>https://github.com/qashqao/routersploit/blob/541ba37ff989ef867946b7e0f64001cd34b9d315/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py</ref> , CVE-2016-1909<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1909</ref>
|-
| 2015-12-18
| 🇺🇸 [[Juniper]]
| ?
| ?
| ?
| CVE-2015-7755<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755</ref> <code><<< %s(un='%s') = %u</code> <ref>https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/</ref>
|-
| 2015-11-19
| 🇬🇧 [[Arris_Group|Arris]]
| ?
| ?
| ?
| nested<ref>https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html</ref>
|-
| 2015-09-26
| 🇨🇳 ?
| ?
| ?
| ?
| <code>root</code>:<code>123456</code> <ref>https://jumpespjump.blogspot.com/2015/09/how-i-hacked-my-ip-camera-and-found.html</ref>
|-
| 2015-09-02
| Gynoii
| ?
| ?
| ?
| <code>guest</code>:<code>guest</code> <code>guest</code>:<code>12345</code> <ref>https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf</ref>, CVE-2015-2881<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2881</ref>
|-
| 2015-09-02
| Lens Laboratories(f)
| ?
| ?
| ?
| Peek-a-view LL-BC01W <code>admin</code>:<code>2601hx</code> <code>user</code>:<code>user</code> <code>guest</code>:<code>guest</code> <ref>https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf</ref>, <ref>https://github.com/how2security/Security/blob/67ee201f24c5a175cb6b85e44471172230908aa4/Doc/TXT/brute_telnet.py#L318</ref><ref>https://github.com/timberhome/poormans-honeypot/blob/32ecb7c6c19bc58345fdca9f177e223a0431ffe8/passwds#L368</ref><ref>https://github.com/EasyDSS/EasyCamera/blob/08e7d7dc59b91bc2804952d43c548da0f89b09f7/README.md#L148</ref>, CVE-2015-2885<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2885</ref>
|-
| 2015-09-02
| 🇳🇱 [[Philips Electronics]] N.V.
| ?
| ?
| ?
| Philips In.Sight M100 <code>admin</code>:<code>M100-4674448</code> <code>user</code>:<code>M100-4674448</code> <code>admin</code>:<code>i</code>md5(10 first chars of MAC) <code>mg3500</code>:<code>merlin</code> <code>admin</code>:<code>/ADMIN/</code> <ref>http://www.darkport.co.uk/a-close-look-at-the-philips-in-sight-ip-camera-range</ref> <ref>https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf</ref>, CVE-2015-2882<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2882</ref>
|-
| 2015-09-02
| 🇺🇸 / 🇨🇳 iBaby Labs, Inc.
| ?
| ?
| ?
| iBaby M3S <code>admin</code>:<code>admin</code> <ref>https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf</ref>, CVE-2015-2887<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2887</ref>
|-
| 2015-09-02
| 🇺🇸 Summer Infant Inc.
| ?
| ?
| ?
| 1 <code>http://www.nbcnewyork.com/news/local/Baby-Monitor-Security-Research-324169831.html</code> <code>MsC@dm1n!</code>:<code>Auth3nt1c@T3</code><ref>https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20presentations/Heres,%20Etemadieh,%20Baker%20and%20Nielsen%20-%20Updated/DEFCON-22-Heres-Etemadieh-Baker-Nielsen-Hack-All-The-Things-UPDATED.pdf</ref> <ref>https://www.exploitee.rs/index.php/Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B#Hardcoded_MFG_Credentials</ref>; 2 <ref>https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf</ref>, CVE-2015-2888<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2888</ref>
|-
| 2015-08-30
| ?
| ?
| ?
| 🇨🇳 ?
| [[MVPower]] JUAN-Device <code>lawishere@yeah.net</code> <ref>https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/</ref> <ref>https://web.archive.org/web/20151010191622/https://github.com/lawishere/JUAN-Device/issues/1</ref>
|-
| 2015-06-30
| 🇨🇳 [[Allwinner]]
| ?
| ?
| ?
| <code>rootmydevice</code><ref>https://github.com/allwinner-zh/linux-3.4-sunxi/blob/bd5637f7297c6abf78f93b31fc1dd33f2c1a9f76/arch/arm/mach-sunxi/sunxi-debug.c#L41</ref><ref>https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/local/allwinner_backdoor.rb</ref>, CVE-2016-10225<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10225</ref>
|-
| 2015
| 🇺🇸 [[Supermicro]]
| 🇨🇳
| ?
| ?
| Hardware backdoor via an additional disguised chip on server mainboards <ref>https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies</ref><ref>https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-inside-the-bag-of-tech-tricks-used-by-china-spies</ref>
|-
| 2015-05-??
| 🇨🇳 [[Lenovo]]
| ?
| ?
| ?
| [[BIOS]] backdoor using [https://download.microsoft.com/download/8/A/2/8A2FB72D-9B96-4E2D-A559-4A27CF905A80/windows-platform-binary-table.docx Windows Platform Binary Table] <ref>https://arstechnica.com/civis/viewtopic.php?p=29497693#p29497693</ref><ref>http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html</ref>
|-
| 2015-02-12
| 🇺🇸 [[Grandstream]]
| 🇨🇳 ?
| ?
| ?
| <code>gshz</code> <code>a50ba3e905c0627eb0a204d82880fb46</code> <code>sfTXrhCA2010</code> <code>dspg_cordless_config</code> <ref>https://habrahabr.ru/post/250403/</ref> <ref>https://habrahabr.ru/post/249855/</ref><ref>https://www.exploit-db.com/exploits/37531/</ref><ref>https://archive.fo/vejGE</ref>
|-
| 2015-01
| 🇷🇺 🇨🇳 🇬🇧 🇧🇾 🇮🇷 ... multiple...
| ?
| ?
| 🇨🇳 ?
| Cosiloon<ref>https://blog.avast.com/android-devices-ship-with-pre-installed-malware</ref>, Android.DownLoader.473.origin <code>com.google.e</code>&lt;Something&gt;<code>Service</code><ref>https://news.drweb.com/show/?i=10345&lng=en</ref><ref>https://vms.drweb.com/virus/?_is=1&i=9010703</ref>
|-
| 2015-01-14
| 🇨🇳 [[Dahua_(electronics)|Dahua]]
| ?
| ?
| ?
| <code>admin</code>:<code>7ujMko0</code>&lt;hardcoded<ref>https://sergei.nz/exploring-dahua-firmware/</ref> password to web interface&gt;<ref>https://sergei.nz/extracting-password-from-dahua-firmware-image/</ref><ref>http://www.cctvforum.com/viewtopic.php?f=19&t=44381</ref><ref>http://www.cctvforum.com/viewtopic.php?p=253713#p253713</ref>, <ref>https://github.com/jgamblin/Mirai-Source-Code/blob/6a5941be681b839eeff8ece1de8b245bcd5ffb02/mirai/bot/scanner.c#L167L168</ref><ref>https://www.kb.cert.org/vuls/id/248083</ref>
|-
| 2014-12-18
| 🇨🇳 [[Coolpad_Group|Yulong]]
| ?
| ?
| ?
| CoolReaper <code>coolyun.com</code> <code>51Coolpad.com</code> <code>3.142.37.149</code> <code>com.android.update.dmp</code> <code>persyst.sys.presetota.flag</code> <code>BackDoorManager</code> <code>processBackDoor</code> <ref>https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-cool-reaper.pdf</ref><ref>https://www.symantec.com/security-center/writeup/2015-011220-3211-99?tabid=2</ref><ref>https://github.com/RsbCode/maltrail/blob/88056ee37968542b6407e4e48d7475bc5a70da77/trails/static/malware/android_coolreaper.txt</ref>
|-
| 2014-09-23
| 🇬🇧 [[Arris_Group|Arris]], 🇺🇸 [[Motorola]]
| ?
| ?
| ?
| <code>technician</code> <code>yZgO8Bvj</code> <ref>https://console-cowboys.blogspot.com/2014/09/arris-cable-modem-backdoor-im.html</ref><ref>https://blog.rapid7.com/2015/04/08/r7-2015-01-csrf-backdoor-and-persistent-xss-on-arris-motorola-cable-modems/</ref>
|-
| 2014-09-21
| 🇨🇳 [[Lenovo]]
| ?
| ?
| ?
| SuperFish<ref>https://blog.erratasec.com/2015/02/extracting-superfish-certificate.html</ref><ref>https://vms.drweb.com/virus/?_is=2&i=4354988</ref><ref>https://vms.drweb.com/virus/?_is=2&i=4354986</ref><ref>https://arstechnica.com/information-technology/2015/02/ssl-busting-code-that-threatened-lenovo-users-found-in-a-dozen-more-apps/</ref><ref>https://github.com/cryptostorm-dev/komodia</ref><ref>https://home.mcafee.com/virusinfo/virusprofile.aspx?key=9593355</ref><ref>https://support.eset.com/kb3663/</ref><ref>https://www.avira.com/en/support-threats-summary/tid/23987/threat/Adware.SuperFish.1348808</ref><ref> https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/Komodia</ref>
|-
| 2014-09-13
| 🇨🇳 [[Nexx_(electronics)|Nexx]]
| ?
| ?
| ?
| Nexx WT1520H <code>nexxadmin</code>:<code>y1n2inc.com0755</code> <ref>https://habrahabr.ru/post/238713/</ref><ref>https://github.com/borlandaxe/cham/blob/67881d11d6523c1d85e22b877591eed176e8cd58/scripts/wt3020/stock/connect.ep</ref><ref> https://github.com/fabianhu/WT3020-16MB/blob/61ff55bf0f606b1d644dc9ffbc4eb663f4c9eca0/wt3020%20upgrade%20to%2016M%20and%20LEDE.txt</ref><ref>https://github.com/JeremyOne/wt3020OpenWRT/blob/c6254a6c936572f5d6ceeafd10a69b54b861c81a/README.md</ref>
|-
| 2014-08-25
| 🇨🇳 [[Netis]]/ 🇨🇳 [[Netcore]]
| 🇨🇳 [[Netcore]]
| ?
| ?
| Netis/Netcore 53413 <code>netcore</code><ref>https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/netcore_udp_53413_backdoor.rb</ref><ref>http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/</ref>
|-
| 2014-08-19
| 🇨🇳 [[Huawei]]
| ?
| ?
| ?
| Huawei <code>zzfdfwetljioi34004t50jodjgkjgjiyte894uifdug89h98y3hjhgjdgjuihjqq</code> <code>admin</code>:<code>HW4GCPE</code><ref>http://blog.asiantuntijakaveri.fi/2014/08/huapwn-backdoor-on-your-huawei-b593u.html</ref><ref>http://opensource.hqcodeshop.com/Huawei%20B593/exploit/latest.pl</ref>
|-
| 2014-08-07
| 🇨🇳 [[Xiaomi]]
| ?
| ?
| ?
| <code>api.account.xiaomi.com</code><ref>https://www.f-secure.com/weblog/archives/00002731.html</ref><ref>https://plus.google.com/+HugoBarra/posts/bkJTXzyXXmj</ref>
|-
| 2014-07-??
| 🇹🇼 [[D-Link]], 🇺🇸 [[WD]]
| 🇹🇼 [[D-Link]]
| ?
| ?
| <code>mydlinkBRionyg</code>:<code>abc12345cba</code><ref>http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125</ref><ref>https://www.exploit-db.com/exploits/43434/</ref>
|-
| 2014-06-16
| 🇨🇳 [[Star_(vendor)|Star]]
| ?
| ?
| ?
| <code>Android.Trojan.Uupay.D</code> <ref>https://www.gdatasoftware.com/blog/2014/06/23951-android-smartphone-shipped-with-spyware</ref><ref>https://www.symantec.com/security-center/writeup/2014-061714-1550-99</ref>
|-
| 2014-03-31
| 🇨🇳 ?
| ?
| ?
| 🇨🇳 [[Goohy]]
| <code>Trojan.AndroidOS.Uupay.a</code><ref>https://securelist.com/caution-malware-pre-installed/59356/</ref>
|-
| 2014-02-03
| 🇨🇳 [[ZTE]]
| ?
| ?
| ?
| <code>admin</code>:&lt;last 4 hex digits of MAC address&gt;<code>airocon</code><ref>https://www.kb.cert.org/vuls/id/228886</ref><ref>https://web.archive.org/web/20140818030201/http://blog.alguien.at:80/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html</ref><ref>https://slideshare.net/mobile/codeblue_jp/cb16-ewerson-en</ref>, CVE-2014-0329<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0329</ref><ref>https://www.acunetix.com/vulnerabilities/network/vulnerability/zte-zxv10-w300-wireless-router-hardcoded-credentials-security-bypass-vulnerability/</ref>
|-
| 2014-01-28
| 🇰🇷 [[Samsung]]
| ?
| ?
| ?
| baseband backdoor <ref>https://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor</ref><ref>https://spcl.inf.ethz.ch/Teaching/2017-osnet/lectures/osnet_6_1s.pdf</ref>
|-
| 2014-01-10
| 🇺🇸 [[Cisco]]
| ?
| ?
| ?
| CVE-2014-0659<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0659</ref><ref>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd</ref>
|-
| 2013-12-31
| 🇺🇸 [[Linksys]], 🇺🇸 [[Netgear]], 🇺🇸 [[Cisco]], 🇺🇸 [[Diamond Multimedia]]
| ?
| 🇹🇼 [[SerComm]]
| ?
| <code>ScMM</code><ref>https://github.com/elvanderb/TCP-32764</ref><ref>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd</ref> , CVE-2014-0659<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0659</ref>
|-
| 2013-10-24
| 🇺🇸 Stem Innovation (Iconoscope)
| ?
| ?
| ?
| <code>root</code><ref>https://duo.com/blog/izon-ip-camera-hardcoded-passwords-and-unencrypted-data-abound</ref><ref>https://securityledger.com/2013/10/apple-store-favorite-izon-cameras-riddled-with-security-holes/</ref><ref>https://www.acunetix.com/vulnerabilities/network/vulnerability/izon-ip-cameras-hard-coded-credentials/</ref>
|-
| 2013-10-17
| 🇨🇳 [[Tenda]] &amp; [[Medialink]]
| ?
| ?
| ?
| Tenda &amp; Medialink <code>w302r_mfg</code><ref>http://www.devttys0.com/2013/10/from-china-with-love/</ref><ref>https://github.com/ea/nmap-scripts/blob/master/tenda-backdoor.nse</ref>
|-
| 2013-07-11
| 🇺🇸 [[HP]]
| ?
| ?
| ?
| HP D2D/StorOnce <code>HPSupport</code>:<code>badg3r5</code><ref>https://web.archive.org/web/20130825101723/http://www.lolware.net/hpstorage.html</ref><ref>https://github.com/noncetonic/msfmodules/blob/8afe9e8382fec9a88078ff140dcedacb563b3051/auxiliary/scanner/ssh/hp_d2d_backdoor.rb</ref><ref>https://github.com/rapid7/metasploit-framework/blob/1ce7bf39381c0789fd8de00d26586569899d650f/data/wordlists/default_userpass_for_services_unhash.txt#L1477</ref>, <ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2342</ref>
|-
| 2013-07-02
| 🇺🇸 [[HP]]
| ?
| ?
| ?
| <code>RedHook LHN 4.1 SKEY 20030101 - Kelly</code> <ref>https://github.com/technion/lhnskey</ref><ref>https://github.com/Freem93/grammar_nasl_v2/blob/master/plugins/hp_lefthand_support_backdoor.nasl</ref> , CVE-2013-2352<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2352</ref>
|-
| 2013-04-30
| 🇹🇼 [[D-Link]]
| ?
| ?
| ?
| <code>Alphanetworks</code>:<code>wrg_</code>&lt;something&gt;<code>_</code>&lt;router model name&gt;<ref>http://www.s3cur1ty.de/dlink-telnet-backdoor</ref><ref>https://github.com/rapid7/metasploit-framework/blob/master/data/wordlists/dlink_telnet_backdoor_userpass.txt</ref>, CVE-2017-14421<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14421</ref>
|-
| ?
| 🇨🇳 [[TP-Link]]
| ?
| ?
| ?
| <code>userRpmNatDebugRpm26525557</code> <code>osteam</code>:<code>5up</code> <code>linux_cmdline.html</code><ref>https://github.com/bGN4/Lua-Scripts/blob/490d866af7438b6bb9f940697a6ef52e82c5bcd1/router.wlua</ref><ref>https://github.com/bGN4/Lua-Scripts/blob/master/TP-cmd.lua</ref><ref>https://nbctcp.wordpress.com/2016/11/24/tp-link-router-attack/</ref>
|-
| 2013-02-12
| 🇨🇳 [[TP-Link]]
| ?
| ?
| ?
| <code>userRpmNatDebugRpm26525557</code> <ref>https://openwrt.org/toh/tp-link/tl-mr3040</ref> and <code>start_art.html</code> <code>nart.out</code><ref>https://sekurak.pl/tp-link-httptftp-backdoor/</ref>
|-
| 2012-11-26
| 🇰🇷 [[Samsung]], 🇺🇸 [[Dell]]
| 🇰🇷 [[Samsung]]
| ?
| ?
| <code>s!a@m#n$p%c</code><ref>https://web.archive.org/web/20121201035625/http://l8security.com:80/post/36715280176/vu-281284-samsung-printer-snmp-backdoor</ref><ref>https://metasploit.help.rapid7.com/docs/bruteforce-attacks</ref><ref>https://github.com/Freem93/grammar_nasl_v2/blob/master/plugins/snmp_samsung_printer_backdoor.nasl</ref><ref>https://www.kb.cert.org/vuls/id/281284</ref>, CVE-2012-4964<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4964</ref>
|-
| 2012-11-20
| 🇺🇸 [[Barracuda Networks]]
| ?
| ?
| ?
| <ref>https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt</ref>
|-
| 2012-05-10
| 🇨🇳 [[ZTE]]
| ?
| ?
| ?
| ZTE <code>sync_agent ztex1609523</code><ref>https://pastebin.com/wamYsqTV</ref><ref>https://web.archive.org/web/20141106203055/https://blog.lookout.com/blog/2012/05/21/zte-security-vulnerability/</ref>, CVE-2012-2949<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2949</ref>
|-
| 2012-04-23
| 🇺🇸 [[RuggedCom]]
| ?
| ?
| ?
| <code>factory</code> <code>999999929</code> <ref>http://seclists.org/fulldisclosure/2012/Apr/277</ref><ref>https://www.acunetix.com/vulnerabilities/network/vulnerability/rugged-operating-system-backdoor-unauthorized-access-vulnerability/</ref><ref>http://www.ruggedcom.com/productbulletin/ros-security-page/</ref><ref>https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb</ref>, CVE-2012-1803<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1803</ref>, CVE-2012-2441<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2441</ref>
|-
| 2012-03-21
| 🇺🇸 [[AT&amp;T]]
| 🇺🇸 [[Cisco]]<ref>https://www.cise.ufl.edu/~jnw/cis4930fa13/Modules/Module54.pdf</ref>
| ?
| ?
| <code>BackdoorPacketCmdLine_req</code> <code>234.2.2.7</code> <ref>https://fail0verflow.com/blog/2012/microcell-fail/</ref><ref>https://alexandercwatson.wordpress.com/2013/10/21/att-microcell-still-full-of-fail/</ref>
|-
| 2012-01-23
| 🇫🇷 [[Schneider Electric]], 🇩🇪 [[WAGO Kontakttechnik]] and others
| ?
| ?
| 🇩🇪 [[CODESYS|3-S Smart Software Solutions]]
| CVE-2011-4859<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4859</ref> , CVE-2012-4879<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4879</ref>, <ref>https://ics-cert.us-cert.gov/advisories/ICSA-12-249-02</ref><ref>https://ics-cert.us-cert.gov/advisories/ICSA-12-018-01B</ref>,<ref>https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/modicon_password_recovery.rb</ref><ref>https://github.com/digitalbond/Basecamp</ref><ref>https://www.digitalbond.com/blog/2012/01/19/project-basecamp-at-s4/</ref><ref>https://www.acunetix.com/vulnerabilities/network/vulnerability/schneider-electric-quantum-ethernet-module-hardcoded-credentials-authentication-bypass-vulnerability-1/</ref>
|-
| 2011-12-26
| 🇺🇸 [[Intel]]
| ?
| 🇨🇳 ?
| ?
| Chinese-manufactured Intel server mainboards<ref>https://xakep.ru/2011/12/26/58104/</ref>
|-
| 2011-09-15
| 🇹🇼 [[D-Link]]
| ?
| ?
| ?
| <code>xmlset_roodkcableoj28840ybtide</code><ref>http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/</ref><ref>https://pastebin.com/vbiG42VD</ref><ref>https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/dlink_user_agent_backdoor.rb</ref>, CVE-2013-6026<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6026</ref><ref>https://www.kb.cert.org/vuls/id/248083</ref>
|-
| 2010
| 🇺🇸 Trendnet
| ?
| ?
| ?
| TV-IP110W TV-IP110WN TV-IP322P TV-IP110WN TV-IP410 TV-IP121W TV-IP410W TV-IP121WN TV-IP410WN TV-IP121WN TV-IP422 TV-IP212 TV-IP422W TV-IP212W TV-IP422WN TV-IP252P TV-VS1 TV-IP312 TV-VS1P <code>netcam</code> <ref>https://console-cowboys.blogspot.com/2012/01/trendnet-cameras-i-always-feel-like.html</ref> <ref>http://www.theverge.com/2012/2/3/2767453/trendnet-ip-camera-exploit-4chan</ref> <ref>https://web.archive.org/web/20120208001237/http://www.trendnet.com/langen/press/view.asp?id=1958</ref>
|-
| 2009?
| 🇬🇧 [[Arris_Group|Arris]]
| ?
| ?
| ?
| <code>MPSJKMDHAI</code><ref>https://www.borfast.com/projects/arris-password-of-the-day-generator/</ref><ref>https://github.com/bmaia/rext/blob/master/modules/misc/arris/tm602a_password_day.py</ref><ref>https://gist.github.com/marcel-valdez/3837628</ref><ref>https://github.com/hcgonzalezpr/arrispod</ref><ref>https://github.com/daniel-j-h/TM602X</ref>
|}
== References ==
{{reflist}}