Comtrend HG536+ backdoor

I found a failsafe mode in router Comtrend HG536+ it permits to upload new firmware without checking user and password credentials

Normal Comtrend web access:

Press reset button with a paperclip and don't pull up

Wait until Power and ALARM lights turn off (don't pull up yet!)

The power light turns on and after some senconds it turns off again

(WLAN And your ethernet plug light is on during all the process)

Access to router IP, It shows upload new firmware web page without asking username or password

Upload new firmware with known password, and wait until the router ups the network again

Access another time to the router IP, and use your username and password :)

Posted at BinaryCell


Popular Posts