Posted on 12/19/2014 9:29:02 PM PST by Swordmaker
Researchers at Check Point have discovered a serious security vulnerability affecting at least 12 million leading-brand home and SME routers that appears to have gone unnoticed for over a decade.
Dubbed the ’Misfortune Cookie’ flaw, the firm plans to give a detailed account of the issue at a forthcoming security conference but in the meantime it’s important to stress that no real-world attacks using it have yet been detected.
That said, an attacker exploiting the flaw would be able to monitor all data travelling through a gateway such as files, emails and logins and have the power to infect connected devices with malware. Man-in-the-middle attacks would also be possible, according to Check Point.
The precise source of the issue is not known - a chipset software development kit (SDK) is suspected - but Check Point warned that up to 200 unpatched models using the RomPager embedded web server software (which uses a remote service called TR-069) prior to version 4.34 were probably vulnerable.
(Excerpt) Read more at pcworld.com ...
Tagged
sheesh!
Thanks for posting this.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.