Home Tools Exploits & CVE's ProLink PRS1841 Backdoor Account

ProLink PRS1841 Backdoor Account

January 2, 2023

327

Authored by Lawrence Amer, Lawrence Amer @zux0x3a | Site 0xsp.com

The ProLink PRS1841 home router suffers from having a backdoor account.

# Exploit Title: Router backdoor - ProLink PRS1841 PLDT Home fiber
# Exploit Author: Lawrence Amer @zux0x3a
# Vendor Homepage: https://prolink2u.com/product/prs1841/
# Firmware : PRS1841 U V2
# reference: https://0xsp.com/security%20research%20%20development%20srd/backdoor-discovered-in-pldt-home-fiber-routers/

Description
========================
A silent privileged backdoor account discovered on the Prolink PRS1841 
routers; allows attackers to gain command execution privileges to the 
router OS.

The vulnerable account issued by the vendor was identified as "adsl" and 
"realtek" as the default password; attackers could use this account to 
access the router remotely/internally using either Telnet or FTP 
protocol.

PoC
=============================
adsl:$1$$m9g7v7tSyWPyjvelclu6D1:0:0::/tmp:/bin/cli

ProLink PRS1841 Backdoor Account

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Apple CoreText libType1Scaler.dylib Buffer Overflow

Control Web Panel 7 Remote Code Execution

GreenShot 1.2.10 Arbitrary Code Execution