X-Micro WLAN 11b Broadband Router Has Built-in Backdoor Administrator Account
SecurityTracker Alert ID: 1009730|
SecurityTracker URL: http://securitytracker.com/id/1009730
(Links to External Site)
Date: Apr 10 2004
User access via network|
Exploit Included: Yes |
Version(s): 1.2.2, 126.96.36.199|
A vulnerability was reported in the X-Micro WLAN 11b Broadband Router. A remote user can gain access to the administration interface.|
Gergely Risko reported that the device contains a built-in username ('super') and password ('super'). A remote user can connect to the web interface and use these authentication credentials to gain administrative access. The report indicates that the account cannot be disabled.
By default, the web interface is reportedly enabled on all network interfaces.
The vendor has reportedly been notified.
A remote user can gain administrative access on the target device.|
No solution was available at the time of this entry.|
The author of the report has provided an unofficial fix, available at:
Vendor URL: www.x-micro.com/wlan-router.htm (Links to External Site)
This archive entry has one or more follow-up message(s) listed below.|
Source Message Contents
Subject: Backdoor in X-Micro WLAN 11b Broadband Router|
Backdoor in the X-Micro WLAN 11b Broadband Router
FCC ID: RAFXWL-11BRRG
Firmware Version: 1.2.2, 188.8.131.52 (probably others too)
Remote: yes, easily expoitable
Type: administration password, which always works
The following username and password works in every case, even if you
set an other password on the web interface:
By default the builtin webserver is listening on all network
interfaces (if connected to the internet, then it is accessible from
the internet too). Using the webinterface one can install new
firmware, download the old, view your password, etc., so he can:
- make your board totally unusable, beyond repair
- install viruses, trojans, sniffers, etc. in your router
- get your password for your provider and maybe for your emails.
1. Set up portforwarding, and forward port 80, this way from the WAN
interface an attack is impossible. But be aware, that anyone in your
local LAN (possible over a wireless connection) can login to your
2. Upload a fixed firmware. I've made an unofficial (but fixed)
one. You can download it from
This firmware is unofficial. NO WARRANTY.
This firmware also fix other bugs, for a list see:
The tool, which used to create the image also released under the
I don't know that the folks at X-Micro (who built this so nasty
backdoor in this device) when will reply, I bcc'ed this mail to them.
I've chosen not contact with them earlier, because they violated the
GPL seriously, the open source community tried to communicate with
them, but without any positive results. And I'm sure that they know
about this remote backdoor.