
Rogue Router Firmware Chaos #Backdoor

200 K Online Home Routers Affected Worldwide (approximately)

There are more than 3 billion internet users worldwide. With the growth in internet users, home router sales have also increased. But sadly, the security risk in home routers has risen rapidly.

There is an ongoing war between the Red Team and the Black Team. Both are trying to find security issues in home routers. Security researchers have previously identified various security issues in home routers, and nobody seems to be concerned about them. Default credentials on online devices are already a playground for ‘crackers’.

Before revealing our research, let’s see how this security issue can be used by an attacker.


The picture above is the typical home router attack scenario, where an attacker can hack the router and hijack the DNS session. So if a home router is hacked, then the PCs or devices connected to the router could be compromised easily. Our security researcher Nabin KC (AttoN_Cnew) has published his white paper regarding this issue. Here is a demonstration of how a hacked router can be used to compromise PCs inside NAT.

The Story of a Discovery

Let’s begin with our story of discovery. It was a usual day in our office and my colleague Nabin KC was busy with his research. But he had problems connecting to the internet. One of the routers that we used for lab purposes was a home router, and it was giving us severe pain. Every time we used nmap for scanning, that router became a bottleneck.

So Nabin, with the motive of eliminating the issue, tried to upload another open source router firmware, but he failed. He then thought of reverse engineering the router firmware used in our lab. Surprisingly, he discovered a hard-coded backdoor username and password and it’s ” super

Hard-coded Backdoor

After getting this backdoor information, we had mixed feelings. Either we might have been pwned or there was something wrong with the firmware. The latter was highly likely in this case. So I started my research and tried to find the root cause. I never found the answer to how this firmware came into existence, but I discovered many hidden things revolving around this firmware.

During our research, we tried to find similar security issues in another model. Surprisingly, we found that the same firmware has been implemented by other router vendors, too. More than 10 major router vendors have been using this same backdoor-affected firmware.
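One way to audit an unpacked firmware image for a built-in account like the one described above, as an added example that is not the researchers' tooling. It assumes the root filesystem has already been extracted and that accounts live in passwd- and shadow-format files (the page does not say where the backdoor credential was stored); `parse_accounts`, `audit`, the account names and the hashes are all constructed for illustration.

```python
# Added example (not the researchers' tooling): flag login-capable accounts
# baked into an unpacked firmware image that the vendor never documented.
NO_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_accounts(passwd_text, shadow_text=""):
    """Merge passwd- and shadow-format text into {user: (hash, uid, shell)}."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        user, pw, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        if pw == "x":  # "x" means the hash lives in the shadow file
            pw = shadow.get(user, "*")  # no shadow entry: treat as locked
        accounts[user] = (pw, uid, shell)
    return accounts

def audit(accounts, documented):
    """Return sorted findings for accounts that can log in but are undocumented."""
    findings = []
    for user, (pw, uid, shell) in accounts.items():
        locked = pw.startswith(("*", "!"))
        if locked or shell in NO_LOGIN_SHELLS or user in documented:
            continue
        kind = "empty password" if pw == "" else "hard-coded hash"
        level = "root-equivalent" if uid == 0 else "unprivileged"
        findings.append((user, kind, level))
    return sorted(findings)

# Constructed sample files; names and hashes are placeholders, not from the page.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:0:0:admin:/:/bin/sh
nobody:*:65534:65534:nobody:/var:/bin/false
hidden_acct:$1$CONSTRUC$placeholderhashvalue00:0:0::/:/bin/sh
diag::500:500::/tmp:/bin/sh
"""
SAMPLE_SHADOW = """\
root:!:16000:0:99999:7:::
admin:$1$CONSTRUC$placeholderhashvalue01:16000:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit(parse_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW), documented={"admin"}))
```

Pass as `documented` only the accounts the vendor's manual or admin UI exposes; anything else that can log in, especially with UID 0, deserves a closer look at where the firmware uses it.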


We also found several unregistered and unknown router vendors that have been using this same firmware. Here is the list of affected router vendors and their router model names:


Alpha Network


Planet Networks





Blue Link

We also found many forged routers that have been using the same affected firmware.


So after three months of extensive research, we found out that more than 200,000 home routers (online) have been affected by this same router firmware all over the world. From this calculation we can say that approximately half a million devices (combining offline and online) are affected.

Moral of the Story

Every user needs to know their devices and vendor before purchasing.
Creating a hard time for an attacker is always a win-win situation. Use as much defense as you can.
As an end user, the best way to protect your home router is to disable the Remote Web Management console if you do not need it. There’s no way you can change the backdoor-ed username and password.

And the last option is to use open source firmware if your device supports it (e.g. OpenWrt).

Public Disclosure

The above research was recently presented at the International Conference on Cyber Security and Cyber Law 2015 (Feb 21) by Nabin KC and Bijay Limbu Senihang, held at Hotel Yak and Yeti, Kathmandu, Nepal. Please view the slides here.

PS: Router vendors have been informed about this issue. Only TRENDnet has replied to date.


  1. Mark Hahn

    March 1, 2015 at 3:44 am

    Not sure why using open firmware would be a last choice. The whole issue here is crappy, unaudited quality of vendor firmware…


    • Sarmik

      March 1, 2015 at 4:39 am

      What solution do you recommend from your side?


      • Bijay Limbu Senihang

        March 1, 2015 at 5:03 am

        The solution is to disable remote web management console. At least it can protect you from external attack, i.e. attack coming from internet.


        • @bizzyunderscore

          March 1, 2015 at 7:10 am

          Right, trust the backdoored firmware not to allow remote mgmt connections. That doesn’t seem like the “best” solution to me.


          • Nabin Kc

            March 1, 2015 at 8:08 am

            You're right. There are other types of attack for the offline; you can find an example in

          • Abhibandu Kafle

            March 1, 2015 at 8:11 am

            Yeah, definitely not the “best”! Best would be not to use any of them!

        • Jason

          March 1, 2015 at 7:59 am

          This is disabled by default on all home routers (which I know of)

          Any manufacturer or reseller leaving external web access on is either malicious or stupid.


          • Abhibandu Kafle

            March 1, 2015 at 8:53 am

            Yes, that’s the point, all those vendors must have some malicious intent.

    • Abhibandu Kafle

      March 1, 2015 at 8:52 am

      Because it is already so widespread that ~ 1M devices (online + offline) are affected. We can’t ask every single person to change their home router.


      • Patrick C

        March 5, 2015 at 1:40 pm

        And why not? If they care anything about their security! Routers are cheap. I’m sure it's a small price to pay for that added privacy.


  2. Leo gomez

    March 1, 2015 at 6:47 am

  3. Anonymous

    March 1, 2015 at 7:51 am


    Can you check the AVM routers also, because this is a big router manufacturer
    that sells in Germany and serves Kabel-Germany and many more households.
    The router manufacturer AVM is a known company in Germany, so it is also very interesting if they have any exploits *g* so you could really get attention from a whole country *g*

    best regards
    Bl… Anonymous *g*


    • Nabin Kc

      March 1, 2015 at 8:05 am

      Haha, thank you for your suggestion. I don’t think they will be happy to hear that.


  4. Nunya Biz

    March 1, 2015 at 4:59 pm

    As most Nepali ISPs are incompetent and are running transparent DNS & HTTP proxies, there is a much bigger problem here.


  5. bill

    March 1, 2015 at 5:21 pm

    That is why I stick with Cisco routers. They can be manually configured to suit one's needs and also the security features are the best. Did I say they also last long?


    • Nabin Kc

      March 1, 2015 at 5:51 pm

      Not everyone can afford a Cisco router for home use, and they also could not manage it if they could afford to buy it, so it is not too practical.


  6. Steven Blakely

    March 1, 2015 at 6:15 pm

    And this is why my home router is an Ubuntu server with two NICs running CSF and dnsmasq. My old wireless router has been turned into a WAP.


  7. meneame

    March 2, 2015 at 1:48 am

    200 thousand routers infected with a built-in backdoor


  8. Liliana

    March 12, 2015 at 3:26 am

    Your style is really unique in comparison to other folks
    I have read stuff from. Thanks for posting
    when you’ve got the opportunity, Guess I will just bookmark this page.


  9. wat

    March 12, 2015 at 4:03 am

    An intriguing discussion is definitely worth comment. I think that you should write more about this subject,
    it may not be a taboo matter but usually people don’t discuss these topics.
    To the next! All the best!!


  10. Earnestine

    March 12, 2015 at 4:11 am

    I am actually thankful to the owner of this web site who has shared this fantastic
    post at this place.


  11. Jack

    March 17, 2015 at 2:16 am

    “Everyone can not afford cisco router for home use and they also can not manage it if they could afford to buy it so it is not too pratical”

    Cisco owns NetGear, which is one of the cheapest routers around.


  12. Marcia Georgl

    March 17, 2015 at 8:06 pm

    Appreciation for the new equipment you have disclosed in your article. Have you ever thought about putting more than the things? Your content is outstanding but with movie show, this site may definitely be among the best with its subject. Back to the topic, because of the editorial I found precisely what I was there looking for.


  13. pirate kings cheat

    March 28, 2015 at 6:49 am

    This is very interesting, You are a very skilled blogger.
    I’ve joined your rss feed and look forward to
    seeking more of your fantastic post. Also, I’ve shared your site in my social networks!


  14. 情趣用品

    April 5, 2015 at 8:24 am

    Awesome! Thanks your sharing!


  15. LeonoreSCarrauza

    July 13, 2015 at 12:50 am

    Hi there mates, it's a wonderful article regarding culture and completely defined,
    keep it up all the time.


  16. Revival Beauty

    July 13, 2015 at 5:54 pm

    Hello, the whole thing is going fine here and of course
    everyone is sharing information, that’s truly excellent,
    keep up writing.


  17. yua aida free

    August 17, 2015 at 1:21 pm

    One of the more impressive blogs I've seen. Thanks so much for keeping the internet classy for a change. You've got style, class, bravado. I mean it. Please keep it up because without the internet is definitely lacking in intelligence.


  18. camtasia studio 8 key

    August 18, 2015 at 4:44 am

    Now I am ready to do my breakfast, later than having my breakfast coming again to read more news.


  19. quest bars

    August 18, 2015 at 10:54 am

    I think the admin of this web page is in fact working hard in favor of his website, since here every
    information is quality based information.

