Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers.
In previous research, the expert discovered a Telnet backdoor in D-Link DWR-921 which is also present in the ZyXEL LTE3301-M209 as well.
The researcher analyzed the commander ELF, focusing on the amit* functions that were containing the backdoor in D-Link routers.
“The firmware is basically a merge of 3 sections, the LZMA section is the kernel, at 0x148CD6 the root-fs and at 0x90BD36 the www content.” wrote the expert. “Inside the last Squashfs there is a [censored] file which is contains at 0x10 the Zlib magic bytes.”
Despite he did not find Telnet credentials, he discovered something which looks like a backdoor in the webUI.
