WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

rutx09 maybe hacked by iclouddnsbypass

–2 votes
622 views 1 comments
by
Since deploying an RUTX09 in my network with a local operator sim card, after several days the wifi ap connected to the router will force you to a captive portal called iclouddnsbypass.com a bad site written by igor july....??

If i use the same sim card in another router, there are no issues. the rutx09 was re-flashed with base factory firmware, and after 5 days the problem comes back. NO ONE in teltonika will reply to emails about this security breach!!! in additon the MD5 on newer firmware is NOT valid...poor software...
by
Strange, RUTX09 does not have WiFi so no hotspot as well.

2 Answers

+2 votes
by anonymous

Hello,

Could you please, generate a troubleshoot package and send it to me via PM? I have to admit, it is a strange issue.

Troubleshoot generation: System > Administration > Troubleshoot > Troubleshoot File > Download

Which firmware are you using right now?

Did you download new firmware files from here? https://wiki.teltonika-networks.com/view/RUTX09_Firmware_Downloads

or maybe you used some other source?

I just checked hashes for newest RUTX_R_00.02.01.1 firmware and they match the ones provided here: https://wiki.teltonika-networks.com/view/RUTX_Firmware_checksum_list

C:\Users\winuser>certUtil -hashfile C:\Users\winuser\Downloads\RUTX_R_00.02.01.1_single.bin SHA256

SHA256 hash of C:\Users\winuser\Downloads\RUTX_R_00.02.01.1_single.bin:
7d02014d67655113368b73db849b568bcddd539fd69ef9e5c9dac0a1d756a8af
CertUtil: -hashfile command completed successfully.

Compared to our Wiki page:

RUTX_R_00.02.01.1: 7d02014d67655113368b73db849b568bcddd539fd69ef9e5c9dac0a1d756a8af

Between firmware flashes did you uncheck Keep Settings so there is a fresh configuration after the flash?

I'm eagerly waiting for your reply,

Regards

+2 votes
by anonymous

Hello, 

This very interesting statements and I would like to investigate them with you.

You mentioned 3 main concerns:

  1. iclouddnsbypass.com
  2. No one responded to Your concerns
  3. MD5 on newer firmware is NOT valid

I will address them.

1. To understand this behavior we need to know what is "iclouddnsbypass.com"? 
This Web based service allows iOS users which have locked device to unlock them (if user "forgot" password and other password recovery tools (for some reasons) not working. 

Maybe you have iOS device and you were using this service? 
Additionally, are you really using RUTx09 (RUTx09 does not have WiFi)? 
Router main job is just route traffic. To know real root-cause of this behavior you should check TCPdump. Where you will see witch device/IP is "asking" go to iclouddnsbypass.com

2. Could you please send me PM with screenshot of email to whom you address your concerns?
3. This is very interesting situation because it may be related to your first concern. I tried to reproduce your described scenario, but MD5 check was successful. From where did you download FW? 

Regards