silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,143
Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access.
Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a D-Link DSL modem typically installed to connect a home network to an ISP, and three in multiple Comba Telecom WiFi devices–which Trustwave unveiled in a blog post Tuesday.
“All the vulnerabilities involve insecure storage of credentials, including three where cleartext credentials are available to any user with network access to the device,” according to the post
Since a home user’s router is the gateway in and out of his or her entire network, Trustwave cautioned users to take the vulnerabilities very seriously.
“An attacker-controlled router can manipulate how your users resolve DNS hostnames to direct your users to malicious websites,” the company wrote in the post. “An attacker-controlled router can deny access in and out of the network perhaps blocking your users from accessing important resources or blocking customers from accessing your website.”
Vulnerabilities in D-Link, Comba Routers Can Leak Credentials
Flaws can potentially affect every device and user on the network by directing them to malicious websites or blocking their access to important data or resources.
threatpost.com