Some Linksys and Netgear routers are plagued by a vulnerability that allows a local attacker to gain unauthorized access to the administrator control panel.
Eloi Vanderbeken, who identified the issue, reveals that a backdoor present in the devices can be used to reset the password for the web administration panel.
The existence of this backdoor has been confirmed in Linksys WAG200G, WAG320N, WAG54G2, WAG120N and WAG160N, and Netgear DGN3500, DG834 v3, DG834G V2, N150, and DM111Pv2. At least one LevelOne and one Cisco router model are also impacted.
In case you’re wondering what these devices have in common, one Hacker News commenter believes they’re made by SerComm, the company that manufactured many old Linksys DSL modems.
A complete list of devices in which the backdoor might be present, along with those that are not affected, is available in the advisory posted by Vanderbeken on GitHub.