I am confused \\openwrt

Recently my Win 10 network neighborhood started showing a device on the network named OPENWRT. My router is a MikroTik unit which has been running my network for several years and has not been recently upgraded. The network shows the following shares on the openwrt device:
disk_sataa1, disk_sataa5, disk_sataa6, disk_sataa7,
disk_satab1, disk_satab5, disk_satab6,
Disk_sda1, Disk_sdb1, Disk_sdc1,

If I try to access one of these shares, I get a message that Windows cannot access the share.

The most recent change to my network was that the ISP (Spectrum) installed a new modem to handle its VoIP system. That modem is a DOCSIS 3 compliant unit, but I am not sure of the manufacturer.

Does anyone have any idea what is going on?

Try to ping it and see what IP you get.

Also, you may try turning off the new modem, leaving it off for a while, and seeing if the OpenWrt device disappears.

Or you could just ask your ISP.

1 Like

Is the IP address from that OpenWrt device one that matches the router?

If you haven't upgraded it recently, you're vulnerable to several high-level security issues.

Some of which are serious enough that an external attacker might have taken over your device. If that's the case, all bets are off (and the attacker might even have replaced the MikroTik firmware with their own, bugged firmware, which might be loosely based on OpenWrt).

That said, your first task would be identifying the new device - be it through the IP/MAC address or disconnecting all devices one by one, until it disappears.

2 Likes

No. Its IP address matches the device which is a Dune 4K HD Media player. I am just surprised that the Dune media player shows itself by the name openwrt. I believe it used to show itself with another name. I will be looking into the settings on the Dune media player later.

Googling for "Dune 4K HD Media Player OpenWrt" yields several interesting results... looks like that device does have a firmware based on OpenWrt, and some users seem to have found the same issue you mention here.

After reading all these vulnerabilities, it looks like none of them would give an outside attacker control of the MikroTik device.

Thanks for all the help and advice. It definitely is the Dune device. I will investigate the issue with the Dune HD Support team.

CVE-2018-14847 has been actively used for that purpose, but really - wrong venue.