DSL router patch hides backdoor instead of closing it
Last Christmas, Eloi Vanderbeken of Synacktiv Digital Security told the owners of 24 models of DSL modems that their equipment has a backdoor that allowed administrative commands to be sent to the routers without a password.
The list of affected modems includes home models from Netgear, Cisco (branded Cisco and Linksys alike) and Diamond. In January, the vendors released an update that was supposed to fix the backdoor, but instead of fixing it, the patch only hid it, leaving it ready to be reopened by a special network packet.
The original backdoor was accessible from the internet, as it listens to TCP/IP traffic. In the patched version, the activation packet needs to be sent from the local network (including wireless) or from the ISP network but, once reactivated, the backdoor would still be accessible from the internet.
The backdoor seems to be part of a firmware package from Taiwanese manufacturer Sercomm.
See more about this at Ars Technica.
Source: BinZine