Home
 » ISP News » 
Sponsored

Masses of Broadband Routers Still Vulnerable to Directory Traversal Hack

Friday, March 20th, 2015 (8:45 am) - Score 2,371

One of Cisco Systems better known Penetration Tester’s, Kyle Lovett, has this week warned a UK security conference that more than 700,000 ADSL broadband routers from various different manufacturers and countries are still vulnerable to a Directory Traversal attack that was first uncovered in 2011.

A Directory Traversal attack is a form of HTTP exploit, which usually only requires a web browser to launch the assault and a bit of knowledge about where the files and directories are on the system being targeted. A hacker can then use the browser to access data in a directory other than the servers / routers root directory and, if successful, they would be able to view or possibly even execute restricted commands and files.

Successfully exploiting a Directory Traversal vulnerability is in many cases enough to give the attacker almost total control of a router, which means they can do everything from hijacking your DNS (website etc.) requests to snooping on your personal data and various other nasty things.

Lovett expanded upon the approaches first used here and then more recently here (CVE-2014-2962) in order to extract an important file called config.xml, which was present on most of the affected routers. As the name might suggest, the file contains a lot of configuration settings (e.g. login and password for the ADSL / ISP connection, wifi network password, client and server credentials for the TR-069 remote management and more).

The passwords hashes (encryption) listed in the above file were, on a lot of devices, apparently quite weak and this meant they were easy to crack. Naturally once somebody has the passwords for your device then it’s often game over. Worrying Lovett noted that some routers even allowed him to access the config.xml simply by typing the correct URL (no real hacking required), although he didn’t say which ones.

According to PC World, Lovett scanned the Internet using SHODAN and claims to have identified 700,000 routers that could be vulnerable to the same attack, including various models from ZTE (e.g. H108N and H108NV2.1), D-Link (2750E, 2730U and 2730E), Sitecom, FiberHome, Digisol and more. But the number could potentially be higher since SHODAN only revealed those that could be targeted remotely because their web-based admin interface was exposed to the Internet.

Interestingly most of the routers were running firmware developed by China-based Shenzhen Gongjin Electronics (aka T&W), which also does manufacturing work for Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear. So far the company has not responded to Lovett or any media requests for comment, which doesn’t inspire confidence.

One bit of good news is that most of the vulnerable ADSL routers are supplied by ISPs in South America and South East Asia, with only a few spotted in the USA and other European countries (most of the latter were third-party purchases and not ISP supplied). In other words those with ISP supplied broadband routers in the UK should be fairly safe, but there’s no guarantee.

Leave a Comment
0 Responses

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Onestream £19.99 (*27.99)
    Avg. Speed 45Mbps, Unlimited
    Gift: None
  • TalkTalk £21.00 (*29.95)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Plusnet £21.99 (*36.52)
    Avg. Speed 36Mbps, Unlimited
    Gift: £50 Reward Card
  • NOW TV £22.00 (*40.00)
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. FTTP (2902)
  2. BT (2824)
  3. FTTC (1812)
  4. Building Digital UK (1772)
  5. Politics (1710)
  6. Openreach (1665)
  7. Business (1490)
  8. FTTH (1343)
  9. Mobile Broadband (1280)
  10. Statistics (1273)
  11. 4G (1104)
  12. Fibre Optic (1085)
  13. Wireless Internet (1047)
  14. Ofcom Regulation (1042)
  15. Virgin Media (1035)
  16. EE (729)
  17. Vodafone (708)
  18. TalkTalk (690)
  19. Sky Broadband (685)
  20. 5G (569)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact