INSIGHTS, NEWS & DISCOVERIES
FROM IOACTIVE RESEARCHERS

Wednesday, August 17, 2016

Multiple Vulnerabilities in BHU WiFi “uRouter”

By Tao Sauvage

A Wonderful (and !Secure) Router from China


The BHU WiFi uRouter, manufactured and sold in China, looks great – and it contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic.

In this blog post, we cover the main security issues found on the router, and describe how to exploit the UART debug pins to extract the firmware and find security vulnerabilities.