Ruijie Community

Title: EW1200G-PRO router hacked/flashed

Author: support@kurlec.    Time: 2023-5-6 17:33
Hi,

We have hundreds of the EW1200G-Pro; we use them for our fibre customers. It seems almost 100+ routers have been hacked, either by DNS port 53 or remote management port 80. The routers' firmware has been removed; they can't reset and don't boot.

Can you guys make it so that the remote management port can be adjusted, so it can be filtered without affecting customers' traffic? Maybe a custom port range or a port like 8085? Also, these routers are completely exposed without authentication for programs like MQTT Explorer using port 1883. This reveals a lot of private customer info, like customer connected devices, PPPoE information, Wi-Fi name and password information.

Could you guys assist me by telling me if it's possible to reflash the firmware for these routers, and if you are planning on having more secure firmware? Also possibly adding a custom port range for the remote management option?


Author: GTAC-Ross    Time: 2023-5-6 18:54
Dear sir,
May I know your network topology? And 100+ routers have been hacked; can you take a screenshot of that? What is the phenomenon of being hacked?
And the SN of the device?
Here is the newest version of the firmware:
https://www.ruijienetworks.com/support/documents/slide_EW1200G-PRO-Firmware-B11P204/
Best regards,
Ross

Author: support@kurlec.    Time: 2023-5-6 19:01
Hi,


The routers that have been hacked, their firmware was removed/flashed or something. The routers won't boot or reset; the router powers up but then the indicator light starts flickering and never stops. For the router I have with me, the SN is G1RP8F4023958. There are hundreds more that all got this same issue. We are a Fibre Network Operator company and our techs are busy replacing all the routers that are doing this. It started yesterday, 2pm South African Time.


Author: GTAC-Ross    Time: 2023-5-6 19:20
Dear sir,


Can you take a video showing that all devices cannot be reset and rebooted?
May I know when this issue happened? After what configuration?


Best Regards,
Ross

Author: support@kurlec.    Time: 2023-5-6 19:36
Hi,

Do you want a video of all hundred devices or just one to see what happens?

We had not changed any configuration on the clients' routers at that stage. There was a flood of DNS port 53 requests to our network and almost all these Reyee routers stopped working. We are using a basic config for the Reyee routers; I can attach a config file of a currently replaced Reyee router if that would help?


Author: GTAC-Ross    Time: 2023-5-6 20:11
Dear sir,


1. May I know if you can receive the SSID from the EW1200G PRO?
2. Did the issue happen on all devices or some of your devices?
3. Are you able to log in to the web interface of these devices?
4. Did all customers experience a loss of access to the Internet?
5. You can take one of the devices to show me the issue.

Best Regards,

Ross


Author: support@kurlec.    Time: 2023-5-13 04:45
Hi,

Jenny from service is currently assisting us with the firmware changes and CVE exploits.


Author: draneoj@gmail.c    Time: 2024-8-29 23:29
Same problem on my EW1200G Pro.

Author: draneoj@gmail.c    Time: 2024-8-29 23:31
[Attached video: VID20240829231638.mp4]


Author: draneoj@gmail.c    Time: 2024-8-29 23:34



Author: v-anakaren@ruij    Time: 2024-8-30 08:13
Dear,
Are you experiencing this issue on just one device? Is the admin page accessible?
