Firmware updates pushed out to up to 400,000 subscribers
A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers.
The gigabit provider's routers are made by ZTE, the Chinese electronics giant that American and
British spy agencies have sounded an alarm over. The
United States has also imposed a ban on American companies selling components to ZTE and other Chinese network gear makers.
In November, infosec outfit Context IS alerted
consumer-rights charity Which? to critical vulnerabilities found in the Hyperoptic broadband home router H298N. These bugs can be exploited to gain control of the device, change its firewall and security settings, change the administrative password, and generally cause havoc.
All a victim has to do is click on a link, for example in an email or message, while on the same local network as the router, to trigger exploitation: the URL takes the victim to a webpage that abuses a hardcoded root password in the router.
TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism
D-Link issues hotfix for hard-coded password router vulnerabilities
Harden Windows Security | Only with official documented methods | Always up to date
How to protect the wi-fi router and home LAN.
Check your router – list of routers affected by VPNFilter just got bigger (date: 11 Jun 2018)