At least 700K routers provided by ISPs can be hacked2015-03-20 10:00 by Daniela
Tags: router, ISP
Security researcher Kyle Lovett has recently found that a well-known security flaw is present in about 700,000 ADSL routers that ISPs lend to Internet subscribers. The bug has been reported for the first time in 2011 in various router models. It allows a remote attacker to take control of a router.
Countries in which vulnerable routers have been distributed are: Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. The affected models include ZTE H108N and H108NV2.1; D-Link 2750E, 2730U and 2730E; Sitecom WLM-3600, WLR-6100 and WLR-4100; FiberHome HG110; Planet ADN-4101; Digisol DG-BG4011N; and Observa Telecom BHS_RTA_R1A.
Hackers can extract sensitive configuration data including administrative credentials by exploiting a "directory traversal" flaw in a firmware component called webproc.cgi. Once they gain access to a sensitive file called config.xml, attackers can take control of the router.
The file contains important configuration settings, username and password for the user's account with the ISP, the password for the wireless network and the credentials for the TR-069 remote management protocol if the ISP uses such.Attackers could then log in as administrator and change a router's DNS settings and to direct users to rogue servers when they try to access legitimate websites.
What's even worse than DNS hijacking is the fact that about 60 percent of routers provided by ISPs have a hidden support account with an easy-to-guess hard-coded password that's shared by all of them. Even devices that lack the directory traversal flaw, have this backdoor account, Lovett said.
Read more -here-