Tag: Routers

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam.

The botnet first emerged in September, according to telemetry from 360Netlab, which dubbed it BCMUPnP_Hunter. It’s so named because of its penchant for infecting routers that have the Broadcom Universal Plug and Play (UPnP) feature enabled. The botnet takes advantage of a known vulnerability in that feature, which was discovered in 2013.

Read more about the BCMUPnP_Hunter botnet on Threatpost.

PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cryptojacking and network eavesdropping.

The hacking technique, found by Tenable Research, is tied to the existing directory traversal bug (CVE-2018-14847) found and patched in April. That vulnerability was rated medium in severity. However, Tenable Research says it has recently found a new attack technique that exploits the same bug.

Read more about why Tenable researchers say the medium severity bug should now be rated critical on Threatpost.

New study finds 5 of every 6 routers are inadequately updated for security flaws

A new study by a US consumer nonprofit has found that five out of six home routers are inadequately updated for security flaws, leaving the devices, and indirectly their users, vulnerable to hacking. Carried out by the American Consumer Institute (ACI), the study analyzed a sample of 186 SOHO (small office/home office) Wi-Fi routers from 14 different vendors with a presence on the US market.

ACI experts looked at the firmware version the routers were running and searched public vulnerability databases for known security flaws affecting each device’s firmware. “In total, there was a staggering number of 32,003 known vulnerabilities found in the sample,” said ACI experts in the study.

Read more about the disturbing findings of the study on ZDNet.

Thousands of MikroTik Routers Hijacked for Eavesdropping

A full 7,500+ MikroTik routers are forwarding their owners’ traffic to eavesdropping cybercriminals – while 239,000 more have had their Socks4 proxy enabled, maliciously and surreptitiously. This means the bad actors can gain access to any of the files or data being passed by the router to and from corporate networks.

According to security researchers at 360 Netlab, adversaries are exploiting the known MikroTik CVE-2018-14847 vulnerability in Winbox, which is a management component and a Windows GUI application for MikroTik’s RouterOS software. Most of the 7,500 victims are in Russia, the firm found.

Read more about the campaign targeting MikroTik routers on Threatpost.

5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

News of how the Russians are alleged to have infected more than 500,000 home routers worldwide via the VPNFilter malware broke last week, leaving home users and security managers scratching their heads about how best to lock themselves down.

Craig Williams, director of Talos outreach, a leading member of the Cisco Talos research team that discovered the malware, says most SOHO users simply need to reboot their routers and do a firmware upgrade. “The good news based on our research is that VPNFilter used common hacking techniques on common vulnerabilities,” Williams says. “This was not a zero-day attack.” According to a recent Symantec blog post, VPNFilter is a three-stage malware.

Read more about the VPNFilter malware and how individuals and organizations can protect their SOHO Routers on DarkReading.

15 Percent of All Routers Use Weak Passwords, 20 Percent Have Open Telnet Ports

There’s a reason why a large piece of the Internet went down last week after a DDoS attack on a key DNS service provider, and the reason is poor equipment design.

Read on Softpedia News about the report by ESET, which reveals that 15 percent of all routers have weak passwords and 20 percent have open telnet ports, making it easy for hackers to attack them.

Misfortune Cookie: Critical flaw on over 12M routers allows device hijacking, network compromise

A critical, easy-to-exploit vulnerability that opens more than 12 million SOHO routers around the world to remote compromise has been discovered by Check Point researchers.

“The Misfortune Cookie vulnerability is due to an error within the HTTP cookie management mechanism present in the affected software, allowing an attacker to determine the ‘fortune’ of a request by manipulating cookies,” the researchers said, explaining how the flaw got its name.

Read more about the Misfortune Cookie vulnerability, which could affect 12 million SOHO routers, on Help Net Security.

Serious Root Access Bug in Belkin N750 Router

A serious vulnerability in a popular Belkin router could be exploited by a local, unauthenticated attacker to gain full control over affected devices. The good news is that the bug has already been patched by Belkin. The bad news is that approximately nobody installs router firmware updates.

The vulnerability exists in the guest network Web interface of Belkin’s N750 DB Wi-Fi Dual-Band N+ Gigabit Router (firmware version F9K1103_WW_1.10.16m). In this particular router, the guest network functionality is turned on by default and there is no authentication required to join it. To resolve the problem, users will need to upgrade their firmware to version F9K1103_WW_1.10.17m.

Read more about the vulnerability in Belkin routers on Threatpost.

Cisco Patches Three Out of Four Buggy RV Series Routers

Four Cisco routers from the RV series intended for small businesses have been found vulnerable to attacks that could allow execution of arbitrary commands and uploading files to any location on the device.

The affected products are Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall.

Cisco issued an advisory on Wednesday detailing a total of three flaws affecting the above-mentioned products and released firmware updates for all but one product, RV220W, which is expected to receive a patch by the end of the month.

One of the security glitches detected by the company allows a potential attacker to remotely execute arbitrary commands with the highest privileges (root), by delivering a specially crafted HTTP request to the vulnerable device.

Read more about the patch releases by Cisco on Softpedia.

Vulnerability Found in Firmware Update Process of ASUS Routers

A researcher has identified a flaw that can be exploited to trick certain ASUS wireless routers into updating their firmware to old or potentially malicious versions.

In a blog post published on Tuesday, security researcher David Longenecker revealed that ASUS routers of the RT series are plagued by the flaw, which has been assigned the CVE identifier CVE-2014-2718.

The list of affected devices includes RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, and RT-N56U. However, according to the expert, RT-N53, RT-N14U, RT-N16 and RT-N16R could also be impacted since they use the same firmware base.

Read more about the vulnerability in ASUS routers on SecurityWeek.