This is an easy way to fix your router against the rom-0 vulnerability. It can be applied to ZyNOS routers. I applied this solution to a TP-Link TD-W8961ND router. It could be applied to the following list too:
- TD-W8901G
- TD-8816
- TD-W8951ND
- ZTE ZXV10 W300
This vulnerability arises from the default settings of the firmware, which doesn't provide a way to change these settings from the web interface. Luckily, the firmware does provide another access method to change the router's settings, but it's not mentioned in the user manual. The second access method is the CLI, which can be reached using PuTTY or Telnet. Here I used telnet from Windows. Follow these steps to prevent the flaw.
- First, reset the router to factory default settings by pressing the reset button. You need to do this to ensure a safe configuration for your router.
- Go to the web interface of your router, which can be accessed at 192.168.1.1, and update your router settings with your ISP information.
- Under Maintenance, change the default password from admin to anything you want, and don't forget it as you will need it later on.
- Open cmd and type the following commands line by line:
```
>telnet 192.168.1.1
Password: <type your router password>
Copyright (c) 2001 - 2011 TP-LINK TECHNOLOGIES CO., LTD.
TP-LINK> sys server load
TP-LINK> sys server access ftp 1
TP-LINK> sys server access web 1
TP-LINK> sys server access icmp 1
TP-LINK> sys server access tftp 1
TP-LINK> sys server access snmp 1
TP-LINK> sys server access telnet 2
TP-LINK> sys server save
sys server: save ok
```
That's all you need, and now your router is safe from the rom-0 attack.
CVE-2013-2579
CWE ID 255
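One way to confirm the settings took effect, as an added example that is not part of the original post: it checks from the machine it runs on which TCP management services still answer and whether the web server hands out the rom-0 file without a login. The port numbers, the `/rom-0` path and all function names are assumptions.

```python
import http.client
import socket
import urllib.error
import urllib.request

# Assumed default TCP ports for services named in the post; icmp, tftp and
# snmp are not TCP services and are not probed here.
TCP_SERVICES = {"ftp": 21, "telnet": 23, "web": 80}
# Ignore any system proxy so the request goes straight to the router.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def tcp_open(host, port, timeout=3.0):
    """Return True if host:port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def rom0_exposed(host, port=80, timeout=3.0):
    """Return True if GET /rom-0 yields 200 and data without any login."""
    url = f"http://{host}:{port}/rom-0"  # assumed path of the rom-0 file
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return resp.status == 200 and len(resp.read(64)) > 0
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return False  # refused, timed out, or 401/403/404


def audit(host, expected, services=TCP_SERVICES):
    """Compare what this host can reach with `expected` (service -> bool)."""
    findings = []
    for name, port in services.items():
        seen = tcp_open(host, port)
        if name in expected and seen != expected[name]:
            state = "reachable" if seen else "unreachable"
            findings.append(f"{name}/{port} is {state}, expected the opposite")
    if rom0_exposed(host, services.get("web", 80)):
        findings.append("rom-0 can be downloaded without authentication")
    return findings


if __name__ == "__main__":
    # Expected from a LAN host after the post's commands: only telnet answers.
    want = {"ftp": False, "web": False, "telnet": True}
    for line in audit("192.168.1.1", want) or ["matches the intended settings"]:
        print(line)
```

Run it from a LAN host, then again from outside your network against your own router's public address with every service expected to be `False`.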
how to undo this?
sys server access web 2
sys server save
Never mind. I did sys server access web 2, sys server save as mentioned above and now it's working. Thanks again!
"sys server load" before all
sys server load
sys server access web 2
sys server save
All done :)
Thanks
thank you very much.
Hello.
I did the telnet commands without resetting the modem at first (w8901g) and now I can't access the router by typing its IP (192.168.1.1). Can you tell me what I should do to access the router? Thanks. I'm afraid if I reset the modem, then I can't access the router to reconfigure it to connect to the internet. Sorry for my English.
resetting your router is no problem however it will be vulnerable.
I got the same problem. But I fixed it by doing
sys server load
sys server access web 2
sys server save
Above, Max says these commands "undo" the rom-0 fix, but my antivirus stopped reporting the network vulnerability anyway. I think that the "sys server access snmp 1" is the important fix here.
when you set access to
- 1 means no access
- 2 means access via lan
- 3 means access via wan (which could be very dangerous and most home users don't need it)
Hi Max - if I want external hacker to have no access to rom-0 file or the tplink admin page but still be able to do 192.168.1.1 internally, does web access via lan setting suffice and work?
=> sys server access web 2
@Nitin
The answer is yes.
what about smartphones?? does this method work for navigation with smartphones?
this is not related to any smartphone security issues. this is an explanation of how to fix the exposure of ZyNOS which is mostly used by residential modems.
what do these commands do exactly to the router? I mean, do those commands stop a hacker from downloading rom-0? I just want you to explain to me what each of these commands does. Thank you
Thanks! It works.
great job