Hackers could exploit the vulnerabilities to redirect traffic, access network services, or learn device configuration details. Researchers at Rapid7 recently uncovered a security issue in NAT-PMP protocol implementations that put more than 1.2 million routers at risk to attack.
Home and small office routers have been a favorite target for black hats and researchers alike. “Cracking the password depends, obviously on a couple of different factors.” “The htpasswd can be as easy, remote or local, as typing in Lovett said. The attacker would need only to request the file contains the MD5 hash of the administrator password and other information needed to read the password. The other bug is a key management error that allows an attacker on the local network to read the router’s. “Once an attacker knows which X-JNAP-Action to call, it’s only a matter of crafting the correct POST body.” “If the end user changes the default password, the JNAP issue I think is more serious due to the vast numbers of different pieces of information disclosure that the different JNAP POST calls allow for,” Lovett said. Port 1000 expose the router’s administrative interface to users. The router exposes a number of ports by default to the wide area network. “Depending on the JNAP action that is called, the attacker may be able to read or modify sensitive information on the router,” the advisory said. The most serious of the two, Lovett said, is an information disclosure vulnerability whereby a remote attacker can send malicious JNAP calls in a specially crafted HTTP POST request to the router’s IP address/JNAP/. The vulnerabilities were explained late last week in an advisory released by US-CERT. “Linksys has an option to have automatic updates, which makes the patches hit far more units than other SOHO models out there,” Lovett said. Public exploits for the vulnerabilities in the EA3500 and EA6500 models were available on a Turkish hacker site in mid-September.īoth of the vulnerabilities were remotely exploitable and did not require authentication Linksys encourages SOHO and consumers to turn on automatic updates in the available models. Researcher Kyle Lovett reported the vulnerabilities in July Linksys patched the bugs on Oct.
Linksys EA2700 and EA3500 routers running Linksys SMART Wi-Fi firmware have yet to be patched against vulnerabilities that put user credentials at risk, thus allowing outside access to the router. Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear.
0 kommentar(er)
