Router Vulnerability Puts 12 Million Home and Business Routers at Risk

More than 12 million routers in homes and businesses around the world, from a variety of different manufacturers, are vulnerable to a critical software bug that hackers can exploit to remotely monitor users’ traffic and take administrative control over the devices.

The critical vulnerability actually resides in “RomPager”, a web server made by a company known as AllegroSoft, which is typically embedded into the firmware of routers, modems and other “gateway devices” from about every leading manufacturer. The HTTP server provides the user-friendly web-based interface for configuring the products.
The vulnerability, dubbed Misfortune Cookie and tracked as CVE-2014-9222 in the Common Vulnerabilities and Exposures database, can be exploited by sending a single specially crafted request to the affected RomPager server. The request corrupts the gateway device’s memory and gives the hacker administrative control over it. With that control, the attacker can target any other device on that network.
At least 200 different models of gateway devices, or small office/home office (SOHO) routers, from various manufacturers and brands are vulnerable to Misfortune Cookie, including kit from D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
The bug affects not only routers, modems and other gateway devices, but anything connected to them, from PCs, smartphones, tablets and printers to “smart home” devices such as toasters, refrigerators, security cameras and more. This simply means that if a vulnerable router is compromised, all the networked devices within that LAN are at risk.
The Misfortune Cookie flaw can be exploited by an attacker sitting anywhere in the world, even if the gateway devices are not configured to expose their built-in web-based administration interface to the wider Internet, which makes the vulnerability more dangerous.
This is because many routers and gateway devices are configured to listen publicly for connection requests on port 7547 as part of a remote management protocol called TR-069 or CWMP (Customer Premises Equipment WAN Management Protocol). That allows attackers to send a malicious cookie from far away to that port and reach the vulnerable server software.
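
For administrators checking their own equipment, the following added example (not from the original article or from any vendor) sorts HTTP response heads already collected from devices you manage and lists those that identify as RomPager, with listeners on the TR-069 port 7547 first. It assumes the server announces itself in a `Server: RomPager/<version>` header; the addresses and banners are constructed sample data, and whether a given version is fixed has to be checked against the device vendor's advisory.

```python
import re

CWMP_PORT = 7547  # TR-069/CWMP port named in the article
# Assumption: the embedded server identifies itself as "RomPager[/version]".
ROMPAGER = re.compile(r"rompager(?:/(\d+(?:\.\d+)*))?", re.I)

def server_header(raw_head: bytes):
    """Return the Server header value from a raw HTTP response head, or None."""
    text = raw_head.decode("latin-1", errors="replace")
    head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]   # drop any body
    for line in re.split(r"\r?\n", head)[1:]:             # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":      # names are case-insensitive
            return value.strip()
    return None

def audit(records):
    """records: iterable of (host, port, raw_head) from devices you administer.
    Returns RomPager findings, listeners on the CWMP port first."""
    findings = []
    for host, port, raw in records:
        match = ROMPAGER.search(server_header(raw) or "")
        if not match:
            continue
        findings.append({
            "host": host,
            "port": port,
            "version": match.group(1),        # None when the banner omits it
            "cwmp_listener": port == CWMP_PORT,
        })
    findings.sort(key=lambda f: (not f["cwmp_listener"], f["host"], f["port"]))
    return findings

# Constructed sample input: documentation addresses and invented banners.
SAMPLE = [
    ("192.0.2.10", 7547, b"HTTP/1.1 401 Unauthorized\r\n"
                         b"Server: RomPager/4.07 UPnP/1.0\r\n\r\n"),
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nserver: RomPager/4.07 UPnP/1.0\r\n\r\n<html>"),
    ("192.0.2.20", 7547, b"HTTP/1.1 404 Not Found\r\nServer: ExampleHTTPd\r\n\r\n"),
    ("192.0.2.30", 7547, b"HTTP/1.1 200 OK\nContent-Length: 0\n\n"),
    ("192.0.2.40", 80, b"HTTP/1.0 200 OK\r\nServer: RomPager\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A device that appears with `cwmp_listener` set is the case the article describes: the management interface may be closed to the Internet while the same server software still answers on port 7547.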