Rtn66r unreplied parts

2/28/2023

The company did not disclose the flaw until it became known that Russian hackers exploited it en masse to assemble a massive botnet.

Companies were slow to remove Russian spies' malware, so FBI did it for them

Still, no critical notice went out to WatchGuard customers. Months after the fix was released, the FBI told WatchGuard that their devices were being hacked. Quoting: ".the company made only the most oblique of references to the vulnerability". A critical bug in WatchGuard firmware was fixed in May 2021 without a warning to customers of just how important it was.

You buy the hardware for increased security, and it ends up lowering your security.

WatchGuard waited 11 months to explicitly disclose critical flaw exploited by Sandworm
by Dan Goodin of Ars Technica April 6, 2022

WatchGuard can not be trusted to do the right thing

At the time of writing, of the 87 critical vulnerabilities published in 2021, more than a quarter remain unpatched and unreported by the vendor. Unfortunately, not all vendors are rushing to fix even critical vulnerabilities. The website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 20. During 20, more than 500 router vulnerabilities were found. However, with the mass shift to remote working, it went off the scale. Quoting: "According to, the number of vulnerabilities discovered in various routers, from mobile to industrial, has grown over the past decade.
A wide range of routers are under attack by new, unusually sophisticated malware
by Dan Goodin for Ars Technica June 28, 2022

by Leonid Grustniy of Kaspersky June 8, 2022
Discusses some things that bad guys do with an infected router, such as: joining it to a botnet for DDoS attacks, stealing your data and redirecting you to pages with ads or malicious sites instead of the ones you want to visit.

By Maria Namestnikova of SecureList June 8, 2022.

If you can, block these websites in your router. If these calls fail, the malware deletes itself under the assumption that it is being run in an isolated sandbox. One defense: The malware tries to learn the public IP address of an infected router by calling out to, , and. Only routers with a MIPS processor are vulnerable. That said, they are sure that it does DNS and HTTPS hijacking. They "have a narrow view" of the full extent of what the malware can do. Black Lotus Labs is the threat intelligence division of Lumen Technologies. The malware does not survive a re-boot of the router, so just as the home page of this site has suggested for a long time, periodic reboots are a good idea. They found infections in these routers: Cisco RV 320, 325 and 420, Asus RT-AC68U, RT-AC530, RT-AC68P and RT-AC1900U, DrayTek Vigor 3900 and some unspecified NETGEAR devices. Some routers can limit the LAN side devices that are allowed to communicate with the web interface. The routers are being hacked from the LAN side by malware running on Windows PCs. The malware seems to be using existing, known bugs to infect the routers.

ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks

The bug also exists in Asus routers, both those running ASUSWRT (factory installed firmware) and the open-source firmware alternative known as Asuswrt-Merlin.
Been fixed in AsusWrt-Merlin as of version 386.7. FreshTomato issued a patch on May 6th.
DD-WRT has not yet issued a patch. All three router firmware vendors were contacted on April 11, 2022.
In each case, a specially crafted HTTP request can lead to memory corruption.

The root cause in each case was a piece of code that had been taken from an open-source library owned by Broadcom. Talos found three vulnerabilities in open-source router firmware packages.

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
by Francesco Benvenuto of Cisco Talos July 27, 2022

2022

DD-WRT and Asus can not be bothered fixing bugs

Articles that offer security advice are listed on the Other router security advice page. The flaws that are exploited are documented on the Bugs page. I am still waiting for a good news story about routers. Routers in the news, pretty much means routers getting exploited by bad guys to do bad things.