More than 12 million routers affected by critical vulnerability

More than 12 million routers and gateways from D-Link, Huawei, TP-Link, ZTE and Zyxel are vulnerable to an attack using a HTTP packet with a modified cookie file. Using the method an attacker can gain full access to the admin interface of the device.

myce-misfortunate-cookie

ADVERTISEMENT

The bug, called Misfortune Cookie is discovered by researchers of Check Point Software. The vulnerability resides in RomPager, an embedded web server used in millions of routers and gateways. Sending a modified cookie in a HTTP packet to a vulnerable device causes a memory error. This provides admin rights to every session allowing an attacker to easily reconfigure the router or gateway.

Check Point considers Misfortune Cookie a critical vulnerability partly due to the easiness of the attack and the large amount of vulnerable devices. The vulnerability can only be patched by a firmware update. In several cases an internet provider or manufacturer can remotely upgrade the firmware, but in many occasions an user will need to manually flash a firmware update to their router or gateway.

By using a scan on several ports of vulnerable devices including those of D-Link, Huawei, TP-Link, ZTE and Zyxel,  Check Point found more than 200 affected devices. The company has published a document with vulnerable products.

ADVERTISEMENT

No posts to display