Title: ACSA-2013-014 Trendnet TS-S402 Backdoor telnet enabling page Timeline: 24 Oct 2013 - Discovery 30 Oct 2013 - Vendor get the report 03 Nov 2013 - CVE assigned 12 Nov 2013 - Issue confirmed by vendor Author: Andrei Costin of "FIRMWARE.RE" project firstname.lastname@example.org email@example.com Vulnerability discovered using "FIRMWARE.RE" platform/service Security advisory numbering: ACSA-2013-014 CVE-2013-6360 Vendor(s): Trendnet Product(s): TS-S402 Firmware details: File: FW_TS-S402(2.00.11).zip SHA256: 0a85da6c33b2a3f9c6e41ae9ed6dc2364b7d753b6ce342ec5298f597cdeaee61 Vulnerability details: http://device_ip/backdoor.shtml http://device_ip/cgi-bin/backdoor/index.shtml Accessing these will enable telnetd on the device (with all subsequent security consequences). About the author/project: Firmware.RE is part of the Firmware Genome Project. Firmware.RE is a free online service that: - unpacks, scans and analyzes almost any firmware package and facilitates the quick detection of vulnerabilities, backdoors and all kinds of embedded malware. - facilitates firmware mounting, modification, loading and emulation. - facilitates firmware vulnerability and backdoor discovery. - helps secure your embedded and internet-of-things devices.