{"id":40596,"date":"2025-01-15T17:18:42","date_gmt":"2025-01-15T17:18:42","guid":{"rendered":"https:\/\/www.ispreview.co.uk\/?p=40596"},"modified":"2025-01-15T17:18:42","modified_gmt":"2025-01-15T17:18:42","slug":"millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html","title":{"rendered":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities"},"content":{"rendered":"<p>Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns &#8220;<em>over 4 million internet hosts<\/em>&#8220;, including VPN servers and private home broadband routers, were found to be vulnerable to being hijacked to perform anonymous attacks and provide access to their private networks &#8211; thanks to &#8220;<em>new vulnerabilities in multiple tunneling protocols<\/em>&#8220;.<!--more--><\/p>\n<p>The vulnerabilities (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-7595\" target=\"_blank\" rel=\"noopener\">CVE-2024-7595<\/a>, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-23018\" target=\"_blank\" rel=\"noopener\">CVE-2025-23018<\/a>\/<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-23019\" target=\"_blank\" rel=\"noopener\">23019<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-7596\">CVE-2024-7596<\/a>), which relates to how internet hosts may accept tunnelling packets without verifying the sender\u2019s identity, are said to impact various tunnelling protocols (an essential backbone to the internet), such as IPIP\/IP6IP6, GRE\/GRE6, 4in6 and 6in4.<\/p>\n<div class=\"bq2\"><strong>NOTE:<\/strong> At the time of writing the most affected countries appear to be China, France, Japan, the U.S. and Brazil. But some hosts in the UK were also vulnerable.<\/div>\n<p>Scans suggest that as many as 4.26 million hosts could have been affected, including VPN servers, ISP home routers, core internet routers, mobile network gateways and nodes, and even CDN nodes (incl. Meta and Tencent). In addition, over 11,000 Autonomous Systems (AS) are also on the list &#8211; the most affected were Softbank, Eircom, Telmex, and China Mobile (&#8220;<em>almost 40% of vulnerable AS fail to filter spoofing hosts<\/em>&#8220;).<\/p>\n<p>The <a href=\"https:\/\/www.top10vpn.com\/research\/tunneling-protocol-vulnerability\/#home-routers\" target=\"_blank\" rel=\"noopener\">full report on Top10VPN<\/a> notes that affected hosts accept unauthenticated tunnelling traffic from any source, which &#8220;<em>means they can be abused as one-way proxies to perform a range of anonymous attacks<\/em>&#8221; and may potentially even be abused to &#8220;<em>gain access to victims\u2019 private networks<\/em>&#8220;.<\/p>\n<p>Interestingly, over 17% of all vulnerable hosts (726,194) were said to have stemmed from a &#8220;<em>misconfiguration<\/em>&#8221; in French ISP Free\u2019s home routers, which meant that routers with hostname <strong>*.fbxo.proxad.net <\/strong>accepted unauthenticated plaintext 6in4 tunneling packets traffic from any source.<\/p>\n<p>&#8220;<em>This flaw allows attackers to abuse Free customers\u2019 vulnerable home routers to spoof IPv6 source addresses and to perform DoS attacks<\/em>,&#8221; as well as to potentially gain access to the customer&#8217;s private home network (this was not tested for ethical reasons), said Simon Migliano. The ISP has since secured the affected routers.<\/p>\n<blockquote class=\"bq1\"><p><strong>Attack Details<\/strong><\/p>\n<p>The lack of built-in authentication makes it trivial to inject traffic into the vulnerable protocols\u2019 tunnels.<\/p>\n<p>An attacker simply needs to send a packet encapsulated using one of the affected protocols with two IP headers.<\/p>\n<p>The outer header contains the attacker\u2019s source IP with the vulnerable host\u2019s IP as the destination.<\/p>\n<p>The inner header\u2019s source IP is that of the vulnerable host IP rather than the attacker. The destination IP is that of the target of the anonymous attack.<\/p>\n<p>When the vulnerable host receives this malicious packet, it automatically strips the outer IP header and forwards the inner packet to its destination.<\/p>\n<p>As the source IP on this inner packet is that of the vulnerable but trusted host, it slips past any network filters.<\/p>\n<p>This transmission of spoofed traffic renders the vulnerable host a one-way proxy.<\/p>\n<p>If the vulnerable host is able to spoof IPs due to poor filtering on the part of its AS, then this allows the attacker to use any IP address as the source IP of the inner packet.<\/p>\n<p>This prevents a backtrace to identify the source of an attack and secure it, which means that a spoofing-capable vulnerable host can potentially be abused indefinitely.<\/p>\n<p>Prof. Vanhoef and Beitis discovered that it was possible to abuse a vulnerable host in new ways, outlined below.<\/p>\n<p>Spoofing-capable hosts can also be abused to perform traditional attacks, such as DNS spoofing, traditional amplification DoS attacks, off-path TCP hijacking, SYN floods, certain <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/link\/wifi\">WiFi<\/a> attacks and so on.<\/p><\/blockquote>\n<p>The report states that only accepting tunneling packets from trusted sources would, in theory, prevent attacks, although spoofing such a source would still sidestep this defense. &#8220;<em>The only foolproof defense is to use a more secure set of protocols to provide authentication and encryption, i.e. IPsec or WireGuard<\/em>,&#8221; said Simon. As usual, the vulnerabilities identified in this report have already been reported to the appropriate organisations and patched prior to publication.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns &#8220;over 4 million internet hosts&#8220;, including VPN servers and private home broadband routers, were found to be vulnerable to being hijacked to perform anonymous attacks and provide access to their private networks &#8211; thanks to &#8220;new vulnerabilities in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":26907,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[109,479],"class_list":["post-40596","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uk_isp_news","tag-internet-privacy","tag-security"],"share_on_mastodon":{"url":"https:\/\/mastodon.social\/@ispreview\/113833516933098049","error":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK<\/title>\n<meta name=\"description\" content=\"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns &quot;over 4 million internet hosts&quot;, including VPN\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK\" \/>\n<meta property=\"og:description\" content=\"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns &quot;over 4 million internet hosts&quot;, including VPN\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\" \/>\n<meta property=\"og:site_name\" content=\"ISPreview UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-15T17:18:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1169\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Jackson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ispreview\" \/>\n<meta name=\"twitter:site\" content=\"@ispreview\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Jackson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\"},\"author\":{\"name\":\"Mark Jackson\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\"},\"headline\":\"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities\",\"datePublished\":\"2025-01-15T17:18:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\"},\"wordCount\":675,\"commentCount\":14,\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/nggallery_import\\\/security_broadband_isp_routers.jpg\",\"keywords\":[\"Internet Privacy\",\"Security\"],\"articleSection\":[\"ISP News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\",\"name\":\"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/nggallery_import\\\/security_broadband_isp_routers.jpg\",\"datePublished\":\"2025-01-15T17:18:42+00:00\",\"description\":\"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns \\\"over 4 million internet hosts\\\", including VPN\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/nggallery_import\\\/security_broadband_isp_routers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/nggallery_import\\\/security_broadband_isp_routers.jpg\",\"width\":1169,\"height\":1000,\"caption\":\"security of broadband isp routers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2025\\\/01\\\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"name\":\"ISPreview UK\",\"description\":\"Top Broadband ISP and Mobile Provider Information Site\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.ispreview.co.uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\",\"name\":\"ISPreview.co.uk\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"ISPreview.co.uk\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mjack\\\/\",\"https:\\\/\\\/bsky.app\\\/profile\\\/ispreview.bsky.social\",\"https:\\\/\\\/mastodon.social\\\/@ispreview\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\",\"name\":\"Mark Jackson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"caption\":\"Mark Jackson\"},\"description\":\"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.\",\"sameAs\":[\"http:\\\/\\\/www.ispreview.co.uk\",\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\"],\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/author\\\/markj\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK","description":"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns \"over 4 million internet hosts\", including VPN","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html","og_locale":"en_GB","og_type":"article","og_title":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK","og_description":"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns \"over 4 million internet hosts\", including VPN","og_url":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html","og_site_name":"ISPreview UK","article_publisher":"https:\/\/www.facebook.com\/ispreview","article_author":"https:\/\/www.facebook.com\/ispreview","article_published_time":"2025-01-15T17:18:42+00:00","og_image":[{"width":1169,"height":1000,"url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg","type":"image\/jpeg"}],"author":"Mark Jackson","twitter_card":"summary_large_image","twitter_creator":"@ispreview","twitter_site":"@ispreview","twitter_misc":{"Written by":"Mark Jackson","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#article","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html"},"author":{"name":"Mark Jackson","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5"},"headline":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities","datePublished":"2025-01-15T17:18:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html"},"wordCount":675,"commentCount":14,"publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage"},"thumbnailUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg","keywords":["Internet Privacy","Security"],"articleSection":["ISP News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html","url":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html","name":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage"},"thumbnailUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg","datePublished":"2025-01-15T17:18:42+00:00","description":"Security and VPN researchers Simon Migliano and Mathy Vanhoef have published a new report today that warns \"over 4 million internet hosts\", including VPN","breadcrumb":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#primaryimage","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2021\/05\/nggallery_import\/security_broadband_isp_routers.jpg","width":1169,"height":1000,"caption":"security of broadband isp routers"},{"@type":"BreadcrumbList","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2025\/01\/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ispreview.co.uk\/"},{"@type":"ListItem","position":2,"name":"Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.ispreview.co.uk\/#website","url":"https:\/\/www.ispreview.co.uk\/","name":"ISPreview UK","description":"Top Broadband ISP and Mobile Provider Information Site","publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ispreview.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.ispreview.co.uk\/#organization","name":"ISPreview.co.uk","url":"https:\/\/www.ispreview.co.uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","width":1000,"height":1000,"caption":"ISPreview.co.uk"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview","https:\/\/www.linkedin.com\/in\/mjack\/","https:\/\/bsky.app\/profile\/ispreview.bsky.social","https:\/\/mastodon.social\/@ispreview"]},{"@type":"Person","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5","name":"Mark Jackson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","caption":"Mark Jackson"},"description":"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.","sameAs":["http:\/\/www.ispreview.co.uk","https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview"],"url":"https:\/\/www.ispreview.co.uk\/index.php\/author\/markj"}]}},"_links":{"self":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/40596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=40596"}],"version-history":[{"count":0,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/40596\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/media\/26907"}],"wp:attachment":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=40596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=40596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=40596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}