Security Affairs
AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

BHU Wi-Fi router, it is really too easy to hack these network devices

A security expert analyzed a BHU Wi-Fi router and found that it is easy to hack by an unauthenticated attacker that can access sensitive information. Tao Sauvage, an expert from IOActive, has analyzed a BHU Wi-Fi router that he purchased during a travel. The BHU Wi-Fi router appears like a surveillance box, but according to the […]

BHU Wi-Fi router, it is really too easy to hack these network devices

A security expert analyzed a BHU Wi-Fi router and found that it is easy to hack by an unauthenticated attacker that can access sensitive information.

Tao Sauvage, an expert from IOActive, has analyzed a BHU Wi-Fi router that he purchased during a travel. The BHU Wi-Fi router appears like a surveillance box, but according to the analysis of the experts, it is affected by multiple vulnerabilities.

BHU Wi-Fi router

 

The network device is completely pwnable by an unauthenticated attacker that can access sensitive information.

The expert also explained that the BHU Wi-Fi router comes with hidden users, SSH enabled by default and a hardcoded root password … not so bad for an attacker, what do you think about?

Last scaring discovery about the Chinese-made router is that it injects a third-party JavaScript file into all users’ HTTP traffic.

“The BHU WiFi uRouter, manufactured and sold in China, looks great – and it contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges.” wrote Sauvage.”

Sauvage has exploited the UART debug pins to extract the firmware and analyzed it, it has found multiple security vulnerabilities.

The expert noticed that the CGI script running everything reveals the session ID of the admin cookie, this means that it could easily hijacked by an attacker that obtains admin privileges.

The BHU Wi-Fi router includes a hard-coded SID, 700000000000000, an attacker can get access to “all authenticated features” by presenting it to the router.

Once presented the above SID to the device, it revealed the hidden user dms:3.

So far, we have three possible ways to gain admin access to the router’s administrative web interface:

  •          Provide any SID cookie value
  •         Read the system logs and use the listed admin SID cookie values
  •         Use the hardcoded hidden 700000000000000 SID cookie value

” explained Sauvage.

It is incredible, the BHU Wi-Fi router is full of security holes, the researchers also discovered that the device fails to perform XML address value sanitization, this allows an attacker to carry out an OS command injection. Sauvage claims that the router could be used to eavesdrop on router traffic using a command-line packet analyzer like

The router could be used by attackers to eavesdrop on the device traffic using a command-line packet analyzer like tcpdump or to hijack it for other malicious purposes.

“At this point, we can do anything:

  • Eavesdrop the traffic on the router using tcpdump
  • Modify the configuration to redirect traffic wherever we want
  • Insert a persistent backdoor
  • Brick the device by removing critical files on the router “.

I invite you to give a look to the analysis published by IOActive, it is amazing the number of issues affecting this specific device, and probably many others suffer the same problems.

Lets hope the Chinese manufactured that designed the device, the BHU Networks Technology Co., is now aware how insecure is its router.

Don’t forget that the many powerful botnets leverages on compromised SOHO devices.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – BHU Wi-Fi router, SOHO router)