Serious security flaw found in 700,000 routers worldwide

Gizbeat recently posted regarding mobile malware, but this post addresses recent flaws found in routers. Many of them given to customers by their ISPs.

Kyle Lovett, a security analyzer has found a serious flaw in some ADSL routers given to customers by ISPs. The flaw makes them susceptible to remote hack attempts.hacker The models have been distributed around the world. They have been given to customers by ISPs In Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. Some have been found in other countries, including the U.S. purchased from retail outlets or online.

Lovett found that most affected routers are using firmware from the Chinese company Shenzhen Gongjin Electronics, who also does business under the name T&W. They manufacture parts for router vendors such as D-Link, Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear.

The security hole is called “directory traversal” and is in the firmware as webproc.cgi

At this point, it’s not clear whether Shenzhen Gongjin Electronics is aware of the flaw, or whether a patch has been released. Lovett has notified the manufacturers of the models discovered thus far. He announced his discovery on Wednesday at a security conference in the UK.

The security hole is called “directory traversal” and is in the firmware as webproc.cgi. Hackers can obtain config.xml which contains the config settings, including the admin’s password hashes (easily crackable due to weak encryption algorithms), ISP connection logon name and password, Wi-Fi password, and client and server credentials for the TR-069 remote management protocols which is used by some ISPs.

Lovett discovered the hole when analyzing an ADSL router several months back. He researched the discovery further and found more than the issue affects more than 700,000 routers worldwide.

Models discovered to have the security flaw to date

  • ZTE H108N
  • ZTE H108NV2.1
  • D-Link 2750E
  • D-Link 2730U
  • D-Link 2730E
  • Sitecom WLM-3600
  • Sitecom WLR-6100
  • Sitecom WLR-4100
  • FiberHome HG110
  • Planet ADN-4101
  • Digisol DG-BG4011N
  • Observa Telecom BHS_RTA_R1A

If you own one of the routers mentioned above, Gizbeat strongly advises you to check for a firmware update for your router, and if none is yet available, contact the manufacturer to determine when one will be released. If they are clueless you may want to consider purchasing a new router. Decent name brand routers can now be had for $15-20.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *