Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
(S) These devices have a backdoor upgrade webpage that still allows the device to be
upgraded.
Belkin F5D8231-4 v4 firmware 4.00.16 backdoor is:
<ip_address>/ui_belkin.html
Linksys WRT300Nv2 firmware 2.00.08 backdoor is:
<ip_address>/setup.cgi?next_file=UI_Linksys.htm
Linksys WRT54GL firmware 4.30.11 ETSI backdoor is:
<ip_address>/UI_Linksys.asp
Linksys WRT54GL firmware ddwrt v24 sp1 standard generic 10011:
Rename the firmware file with extension “.b1n” (i.e., replace the
‘i’ in the extension with a ‘1’ (one character) and perform the
firmware upgrade.
(S) Note that “Firmware Upgrade Inhibit” is a firmware-only option – i.e., this option is
selected when the firmware is built and cannot be changed thereafter. A Mission-
configurable “Firmware Upgrade Inhibit” option may be supported in the future.
12.8 (S) VPN Link/Proxy Support
(S) VPN Link/Proxy is only supported on devices with Flytrap software revision “svn
5025” and higher that have had VPN support built into the firmware (see CherryWeb
“Flytrap -> Details” page for the software revision a Flytrap is executing and whether or
not VPN support has been built in). In general, most linux-based devices can support
VPN Link/Proxy actions. VxWorks-based devices do not support VPN Link/Proxy
actions.
123
SECRET//20350112

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh