The routers are sold under the brand name Netcore in China, and Netis in other parts of the world, including South Korea, Taiwan, Israel and the United States.
According to Trend Micro, the backdoor, a semi-secret way to access the device, allows cybercriminals to bypass device security, easily run malicious code on routers and change settings.
Netis routers are known for providing the best wireless transfer speed, up to 300Mbps, and for offering better performance in online gaming, video streaming, and VoIP phone calling.
The Netcore and Netis routers have an open UDP port, 53413, which can be accessed from the Internet side of the router. The password needed to open up this backdoor is hardcoded into the router’s firmware.
All of the routers, sold under the Netcore brand in China and as Netis outside of the country, appear to have the same password, says Tim Yeh, threat researcher at the security firm, warning that the backdoor cannot be changed or disabled, essentially offering a way in to any attacker who knows the “secret” string.
Using the backdoor, hackers could upload or download hostile code and even modify the settings on vulnerable routers in order to monitor a person’s Internet traffic as part of a so-called man-in-the-middle (MitM) attack.
With a MitM attack, a potential attacker could intercept users’ Internet communication, steal sensitive information and even hijack sessions.
The researchers scanned the Internet and indicated that millions of devices worldwide are potentially vulnerable.
“Using ZMap to scan vulnerable routers, we found more than two million IP addresses with the open UDP port,” Yeh wrote in a blog post. “Almost all of these routers are in China, with much smaller numbers in other countries, including but not limited to South Korea, Taiwan, Israel, and the United States.”
Exploiting this flaw is not too difficult, as a simple port scan with an online tool can reveal the open UDP ports to anyone.
In addition, Trend Micro found that a configuration file containing a username and password for the router’s web-based administration panel is stored without encryption, allowing an attacker to download it.
“Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices,” advises Yeh.
Users can determine whether their router is impacted here.
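Because the listener sits on UDP port 53413 and is reachable from the Internet side, a gateway in front of an affected router can flag both inbound probes and any replies the device sends. The following is an added example, not code from Trend Micro or the original article; the abridged iptables-style log format, the WAN interface name `eth0` and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

PORT = "53413"                       # UDP port named in the article
KV = re.compile(r"(\w+)=(\S*)")      # key=value fields of an iptables LOG line

# Constructed, abridged sample lines (documentation IP ranges only).
SAMPLE_LOG = """\
Aug 27 10:01:02 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=198.51.100.20 LEN=40 PROTO=UDP SPT=40112 DPT=53413 LEN=20
Aug 27 10:01:02 gw kernel: IN=eth1 OUT=eth0 SRC=198.51.100.20 DST=203.0.113.7 LEN=52 PROTO=UDP SPT=53413 DPT=40112 LEN=32
Aug 27 10:01:05 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=198.51.100.20 LEN=40 PROTO=UDP SPT=40113 DPT=53413 LEN=20
Aug 27 10:02:11 gw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.99 DST=198.51.100.21 LEN=40 PROTO=UDP SPT=5353 DPT=53413 LEN=20
Aug 27 10:02:40 gw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.50 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51000 DPT=53413 WINDOW=1024
Aug 27 10:03:09 gw kernel: truncated record IN=eth0 PROTO=UDP
"""

def analyse(lines, wan_if="eth0"):
    """Return (probes, responders).

    probes:     {internal_dst: {external_src: packet_count}} for UDP/53413
                arriving on the WAN interface.
    responders: internal hosts seen sending FROM UDP/53413 out of the WAN
                interface, i.e. devices that answered and likely run the listener.
    """
    probes = defaultdict(lambda: defaultdict(int))
    responders = set()
    for line in lines:
        f = dict(KV.findall(line))
        # Ignore non-UDP traffic and truncated records without addresses.
        if f.get("PROTO") != "UDP" or not f.get("SRC") or not f.get("DST"):
            continue
        if f.get("IN") == wan_if and f.get("DPT") == PORT:
            probes[f["DST"]][f["SRC"]] += 1
        elif f.get("OUT") == wan_if and f.get("SPT") == PORT:
            responders.add(f["SRC"])
    return {d: dict(s) for d, s in probes.items()}, responders

def report(probes, responders):
    """One line per targeted device, busiest first; answered devices are marked."""
    rows = sorted(probes.items(), key=lambda kv: -sum(kv[1].values()))
    return [f"{dst}: {sum(s.values())} packet(s) from {len(s)} source(s)"
            + (" [ANSWERED]" if dst in responders else "")
            for dst, s in rows]

if __name__ == "__main__":
    print("\n".join(report(*analyse(SAMPLE_LOG.splitlines()))))
```

A device marked `[ANSWERED]` is the priority for replacement or for blocking UDP 53413 upstream, since the article notes the backdoor itself cannot be disabled on the router.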