EW1200G-PRO router hacked/flashed
|
Hi, We have hundreds of the EW1200G-Pro, we use them for our fibre customers, it seems almost 100+ routers have been hacked either by dns port 53 or remote manament port 80, the routeres firmwares has been removed, it cant reset, doesnt boot. can you guys make it so that the remote management port can be adjusted so it can be filtered without affecting customers traffic? maybe a custom port range or a port like 8085? also these routers are completely exposed without authentication for programs like MQTT Explorer using port 1883, this reveals a lot of private customer info, like customer connected devices, pppoe information, wifi name and password information could you guys assist me to tell me if its possible to reflash the firmware for these routers and if you are planning on having more secured firmware? also possibly adding a custom port range for the remote management option? |
|
Dear sir, May I know your network topology?and 100+ routers have been hacked can you take a screenshot of that,What is the phenomenon of being hacked? and the SN of the device here is the newest version of firmware: https://www.ruijienetworks.com/support/documents/slide_EW1200G-PRO-Firmware-B11P204/ Best regards, Ross |
GTAC-Ross replied at 2023-5-6 18:54 Hi, The routers that have been hacked, their firmware was removed/flashed or something, routers wont boot or reset, router powers up but then indicator light starts flickering and never stops, the router i have with me, the SN is G1RP8F4023958 there are hundreds more all that got this same issue, we are a Fibre Network Operator company and our techs are busy replacing all the routers that are doing this, it started yesterday 2pm South African Time |
|
Dear sir, can you take a video that all devices can not be reset and reboot. May I know when did this issue happened?After what configuration? Best Regards, Ross |
GTAC-Ross replied at 2023-5-6 19:20 Hi, Do you want a video of all hundred devices or just one to see what happens? We have not changed any configuration on the clients router at that stage, there was a flood of DNS port 53 requests to our network and almost all these reyee routers stopped worked, we are using basic config for the reyee routers i can attach a config file of a currently replaced reyee router if that would help? |
Gert Ross replied at 2023-5-6 19:36 Dear sir, 1.May I know can you receive the SSID from the EW1200G PRO 2.The issue happened on all devices or some of your devices? 3.Are you able to login to the web interface of these devices 4.Did all customers experience a loss of access to the Internet 5.You can take one of device to show me the issue Best Regards, Ross |
GTAC-Ross replied at 2023-5-6 20:11 Hi, Jenny from service is currently assisting us in the firmware changes and cve exploits |
This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.
More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.
©2000-2023 Ruijie Networks Co,Ltd
Level 1
