Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Korean Davolink routers are easy exploitable due to poor cyber hygene

Davolink dvw 3200 routers have their login portal up on port 88, the access is password protected, but the password is hardcoded in the HTLM of login page. The story started in 2018 when Anubhav noticed a very basic flaw the routers of the Korean vendor Davolink. These Davolink dvw 3200 routers have their login […]

Death botnet

Davolink dvw 3200 routers have their login portal up on port 88, the access is password protected, but the password is hardcoded in the HTLM of login page.

The story started in 2018 when Anubhav noticed a very basic flaw the routers of the Korean vendor Davolink.

These Davolink dvw 3200 routers have their login portal up on port 88, the access is password protected.

Analyzing the code of the page the expert has noticed a function named “clickApply” that included the password in standard base 64 coding.

function clickApply(sel) 
{ 
var user_passwd="YWRtaW4="; 
var super_passwd="(null)"; 
document.forms[0].http_passwd.value = encode(document.forms[0].tmp_http_passwd.value);

Davolink dvw
Scanning the Internet for similar devices using the search engine Zoomeye, he discovered more than 50 routers in Korea are exposed only and are accessible providing the hardcoded password.
Davolink

The expert reported the issue to the vendor that quickly acknowledged it and responded that they have discontinued the product. The vendor added that a working patch is already available.

The expert published the exploit code on exploit-db.

“Many IoT vendors are not doing the basics right as keeping the password in the HTML source, it is a very basic security issue” concluded Anubhav

“and it is a relevant issue as users in Korea are using it”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Davolink, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]