
WRVS4400n V2 - Overnight crash and admin password reset

tintifax.at
Level 1

Hello,

yesterday I encountered a problem regarding the WRVS4400n - in the morning the network stood still, and as I tried to enter the config page from the router, my password was identified as wrong. Then I tried the standard admin password which was correct.

All the other settings in the router had been unchanged.

Although I have switched off WAN management for the router I wonder if this could have been an attack and if so, what can I do to prevent that from happening again?

Tnx, T.

5 Replies

riroe
Level 3

Did you have the firewall enabled on the router and are you certain that you had changed the password on the router to something other than admin?  Are you running with the latest firmware version on the router?

THANKS

I definitely have the firewall enabled, but not IPS (speed...). I have added a rule to deny all from wan to my subnet.

In addition I have enabled port triggering for UDP ports 5060 and 5004 (VoIP) and I had one VPN account prepared with 10 alphanumeric characters.

My WLAN password is 63 digits generated by a password generator, so IMHO no dictionary attack possible.

My former router password was 20 chars long, definitely, and I used to log in with it, so it was set before.

I have the latest firmware 2.0.1.3 loaded.

L&G,

I would like to bring up this thread as we have the Port 32764 discussion up and running: https://github.com/elvanderb/TCP-32764

The true story is: days before my post I switched on IPS (contrary to what I've said) and I later tried to ping a Chinese IP address listed in the IPS log. Finally, it ended in the reset router as described in my initial post.

I assume that the person in China showed me something with that presumed action. And, of course, that the Chinese botnet hackers have known of the WRVS4400 bug since at least 2011.

I would really like to get a statement regarding this story, as I have meanwhile exchanged my WRVS4400n for a more expensive firewall (a rack version from a different vendor) and this costs a lot of money a year.

Which products can really be trusted to be safe in a way that you could assume your digital privacies to be kept secret? This doesn't mean that my digital privacies are worth that money, but my privacy is.

The answer is: NO DEVICE! The internet is screwed.

Try it with open source (e.g. pfsense) on a platform of your choice, but don't expect too much.

I remember a comparable incident with a WRVS4000N v 1.1 summer 2012. The morning I recognized that the router was reset to out-of-the-box settings, including passwords etc. I don't trust ANY internet device any longer. Those days are gone and won't come back.

Anyone successful with getting a new firmware for his Cisco-brick with 32764 trojan hole?

Hi, I've had the WRVS4400n v2 (and still have, in the attic) with the latest firmware available then. As I don't use it any more, I'll throw it away.

Regarding your other comment: agree, there might be no secure firewall product available and especially based on the assumption that the complex value chains involved with different parties are not secured from flaws and sabotage. I recently did a portscan with my current firewall and used the internet access of my iPhone in order to scan the device and it showed me two (standard) ports open incoming, whereas a different user did a scan on my IP and found nothing ... said it was a flaw of my iPhone ... I'm not an IT security specialist but it seems there is no way to avoid this interest.

I assume it's not only the governments who gain access to private data but also private organisations and criminals etc. I suppose the Chinese person's reaction was quite kind as he showed me that the device was already not secure in 2011.

These kinds of problems show that any IT company in the industry lacks quality assurance, especially in case of involuntary errors but it would be really awful if this were on purpose.