09 October 2010

Comtrend HG536+ backdoor

I found a failsafe mode in router Comtrend HG536+ it permits to upload new firmware without checking user and password credentials

Normal Comtrend web access:

Press reset button with a paperclip and don't pull up

Wait until Power and ALARM lights turn off (don't pull up yet!)

The power light turns on and after some senconds it turns off again

(WLAN And your ethernet plug light is on during all the process)

Access to router IP, It shows upload new firmware web page without asking username or password

Upload new firmware with known password, and wait until the router ups the network again

Access another time to the router IP, and use your username and password :)

Posted at BinaryCell

No comments:

Post a Comment

Disclaimer: In no event shall the blog owner, be liable for any damages, including without limitation, special, indirect or consequential damages, or any damages, whatsoever resulting from access or use, or inability to access or use this Website or arising out of any materials, information, qualifications or recommendations on this Website.