Wednesday, January 8, 2014

PSA: Hacking Unifi Router !! Vulnerabilities


UniFi users beware!! Just recently discovered that our default UniFi router mainly the D-LINK model DIR-615 is very open for this nasty exploit.



Thanks to an avid tech blogger keithrozario manage to share this issue , I'm just ensuring that it gets to more masses to know that our internet connections is not that safe after all, thanks to your main ISP so called tighten security..meh..

searching victims

Using the web called shodanhq.com, a simple registering on it, searching based on our D-Link model gets us access remotely to an unfortunate UniFi user's router login page, and with the default password our ISP has pre-defaulted in all of D-Link router.

Hacked into some random UniFi user login page


Below is a guide on how to see the exploit in action.
Details of the hack:
1. To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

2. To search for Dlink Routers on Shodan the query is Mathopd/1.5p6 country:MY

This isn't abut stealing/unauthorized access to others' wifi. It is about gaining admin access to your router and change configuration of your router.
For example, they can:
- change ur wifi SSID and put some stupid names to embarrass u.
- change ur DNS server to their own DNS server and direct traffics to the website they want.
- directing u to fake websites to steal passwords.


The appendage of /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd needs to be highlighted as it is very vulnerable if u using the dlink router and open ur wifi access to people, especially businesses using unifi to provide free wifi access to customers. If someone able to access ur wifi, they can do the things listed above.

Default UniFi TM D-Link 615 passwords:-
Username: Management
Password: TestingR2

Username : operator
Password : h566UniFi

Username : operator
Password : telekom

Username : operator
Password : <your Unifi username in reverse order>

username : admin
Password : <blank>

username : admin
Password : admin


So boys and girls, be aware on this and, either change all the default passwords, or just get a aftermarket router which supports UniFi.