A line of routers from a China-based manufacturer has a serious flaw that could allow a hacker to monitor someone’s Internet traffic, according to research from Trend Micro.
The routers are sold under the Netcore brand name in China and Netis outside of the country, wrote Tim Yeh a threat researcher.
The Netcore and Netis routers have an open UDP port listening at port 53413, which can be accessed from the Internet. The password needed to open up this backdoor is hardcoded into the router’s firmware.
Using the backdoor, hackers could upload or download hostile code and even modify the settings on vulnerable routers in order to to monitor a person’s Internet traffic as part of a so-called man-in-the-middle (MitM) attack.
By attempting MitM attack, a potential attacker could intercept users’ internet communication, steal sensitive information and even hijack sessions.
The researchers scanned the Internet and had indicated that millions of devices worldwide are potentially vulnerable.
The researcher wrote:
“Using ZMap to scan vulnerable routers, we found more than two million IP addresses with the open UDP port,” Yeh wrote in a blog post. “Almost all of these routers are in China, with much smaller numbers in other countries, including but not limited to South Korea, Taiwan, Israel, and the United States.”
Exploiting this flaw is not too difficult, as a simple port scan can reveal the open UDP ports to anyone using such an online tool.
