Multiple vulnerabilities were found by security researchers in 4G routers manufactured by several companies, with the flaws exposing users to information leaks and command execution attacks.
Ini adalah cara ampuh untuk membobol password modem router zte. Yang harus kalian ketahui bahwa disini saya hanya ingin memberitahu kepada kalian cara yang benar untuk mengetahui password router ZTE bukan cara untuk mengubah settingan yang ada pada router tersebut, jadi jika ada masalah dikemudian hari setelah kalian mempraktekkan cara ini saya tidak akan bertanggung jawab. If the hacker is simply looking to access a free Wi-Fi connection, your only sign may be a foreign IP address listed on your network and slower speeds than usual. How to fix a hacked router If the hacker’s intent is more malicious, you may notice more blatant symptoms like unexpected software installations and inaccessible router settings.
Pen Test Partners researcher 'G Richter' shared the flaws found in 4G devices during this year's DEF CON hacking conference, saying that 'a lot of existing 4G modems and routers are pretty insecure.'
'We found critical remotely-exploitable flaws in a selection of devices from variety of vendors, without having to do too much work,' Richter said.
'Plus, there’s only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places.'
The worst part is that the security flaws were discovered after examining a limited set of 4G routers, covering the entire prices spectrum, from consumer-grade routers and dongles to very pricey devices designed to be used in large enterprise networks.
All the security flaws found were reported to the vendors who fixed most of the discovered issues before the Pen Test Partners report was published but, unfortunately, the disclosure process didn't go as smooth as expected.
ZTE router vulnerabilities
The vendor that really stood out in the eyes of the researchers was ZTE, who brushed off the vulnerabilities identified in the MF910 and MF65+ routers as they affected end-of-life products—even though, in the case of the MF910, it was still listed on the company's website with no hint at it being out of support (advisory available HERE).
The researcher subsequently tested another ZTE router, the MF920, which shared the same codebase and, as a result, almost the same vulnerabilities. This time, ZTE decided to fix the reported flaws which also got assigned CVE identifiers.
The following issues were discovered while examining the MF910 and MF65 routers, issues that the vendor will not patch:
• The administrator password can be leaked (pre-authentication).
• One of the (post-authentication) debug endpoints is vulnerable to command injection.
• There’s also a Cross-Site Scripting point in a totally unused “test” page.
'These issues could be chained together to allow arbitrary code to be executed on the router, just by a user visiting a malicious webpage,' added Richter. More details on the MF910 security analysis can be found HERE.
Two of the vulnerabilities found in the other examined ZTE 4G router, the MF920, received the following CVEs—an advisory issued by the vendor is available HERE:
• CVE-2019-3411 – Information Leak (7.5 high severity CVSS v3.0 base score)
• CVE-2019-3412 – Arbitrary Command Execution (9.8 critical severity CVSS v3.0 base score)
Security flaws found in Netgear and TP-LINK 4G routers
The Pen Test Partners researcher also found security issues in 4G routers manufactured by Netgear and TP-LINK, with at least four of them also having been assigned CVEs.
Zte Router Wifi Hack
In the case of the Netgear Nighthawk M1 Mobile router, a cross-site request forgery bypass (tracked as CVE-2019-14526) and a post-authentication command injection (CVE-2019-14527) could allow potential attackers to execute arbitrary code on the vulnerable device if 'the user hasn’t set a strong password on the web interface.'
This vulnerability chain could be easily exploited by an attacker by tricking the device's users into visiting a maliciously crafted page. The researcher also provides more info on the CSRF protection bypass flaw and how one can break Netgear Nighthawk M1's firmware encryption.
TP-LINK's M7350 4G LTE Mobile wireless router was also found to be vulnerable, this time to the following command injection flaws which also got their own CVEs after being disclosed to the vendor:
• CVE-2019-12103 – Pre-Authentication Command Execution
• CVE-2019-12104 – Post-Authentication Command Execution
'In increasing numbers, lots of less-bandwidth-demanding consumers are inevitably going to start using cellular for their full-time Internet access,' added the Pen Test Partners researcher.
'Those manufacturers who are going to be selling 5G routers are currently selling 3G and 4G routers. Which – and I really cannot stress this enough – are mainly bad.'
Related Articles:
WiFi Password Hacking Software
WiFi Cracko is the application developed in purpose to find password to access protected WPA/WEP, WPA2 & WPA3 network security types.
Internet users who are not so highly educated about digital networking or computing in general usually have problems of recovering back their WiFi (WLAN) password in case they've forgot it. This often happens after changing a router and forgetting to save a new password to a safe place.
Zte Wifi Router Hack Download
This is why the WiFi Cracko tool is created - To help people hack into their router quickly and get their password in only few minutes!
The software is supported to work on multiple operating systems & devices.
Zte Wifi Router Hacker
OS Supported:
- Desktop: Microsoft Windows, MacOS
- Smartphone: Android .APK, iPhone/iPad with iOS
Click the button below to go to the files page where you can download the tool.
User Instructions:
WiFi Cracko is created with a very user friendly interface so even beginners can easily understand how to operate with it. Here is a step by step guide how to hack to hack WiFi password using our tool.
Step #1 - Download the app on your device and install it.
Step #2 - Click the 'Scan for Available Networks' button and wait a moment until all SSID available networks are listed in a box below.
Note: Hacking mobile hostspot of iPhone or Android phones is also possible since they have their own WLAN system built in.
Step #3 - Select the one you've decided to hack. Recommended is one with strongest signal.
Step #4 - Check its security type WEP/ WPA/ WPA2-PSK/ WPA3). If you are not sure, click the 'How do I know this' link and the tool will automatically check this for you.
Step #5 - Click 'Start Hacking' button and wait until the tool cracks a password. Time will depend on how strong is password made. If it's made of mixed characters, numbers, uppercase & lowercase letters etc. then it may take up to half an hour to crack a password successfully. But usually users are waiting around 3 to 5 minutes.
Step #6 - Done! Enjoy browsing the internet again!