Gaping admin access holes found in SoHo routers from Linksys, Netgear and others

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
For many home users, the router-slash-firewall at the edge of their network plays an vital security role.

It acts as a stockade to keep crooks on the internet at arms' length, typically blocking inbound network connections by default.

It shields the internal layout of the network from outside observers.

It probably also serves as a wireless access point for the household, and thus bears the responsibility of preventing random passers-by from jumping online and getting up to mischief at someone else's expense.

In a word, your SoHo router is important.

So it is always alarming to read about sloppy programming in the firmwarethat ships with this sort of device.

Late last year, we wrote about "Joel's Backdoor," a misfeature in some D-Link routers which would have been a great joke, if only the side-effects hadn't been so serious.

Joel's bug was that if you told your browser to identify itself asxmlset_roodkcableoj28840ybtide (read it backwards!) instead of, say,Mozilla or AppleWebKit, then many D-Link routers would skip the need for a password.

Unauthenticated administrative access, just like that!

Here's another flaw, this time in various router products from Sercomm, that shows a similarly casual attitude to security by programmers who really owe you better code.

Sercomm produces routers under its own name, as well as building hardware sold under a diverse range of brand names, including 3Com, Aruba, Belkin, Linksys, Netgear and Watchguard.

Read more: http://nakedsecurity.sophos.com/201...soho-routers-from-linksys-netgear-and-others/
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top