
Thread: Home routers under attack...

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    D-Link DIR-645 - Firmware v1.03 update-fix

    FYI...

    D-Link DIR-645 - Firmware v1.03 update-fix
    - https://secunia.com/advisories/52432/
    Release Date: 2013-03-01
    ... security issue is reported in version to 1.02. Other versions may also be affected.
    Solution: Reportedly fixed in version 1.03.
    Original Advisory: http://archives.neohapsis.com/archiv...3-02/0151.html
    "... D-Link has released an updated firmware version (1.03) that addresses this issue..."

    > http://www.dlink.com/us/en/support/p...me-router-1000
    Latest Firmware - Version v1.03

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    Linksys EA2700 firmware - update

    FYI...

    Linksys EA2700 firmware - update
    - http://arstechnica.com/security/2013...mote-takeover/
    Apr 9, 2013 - "... The most severe of the vulnerabilities in the "classic firmware" for the Linksys EA2700 Network Manager is a cross-site request forgery weakness in the browser-based administration panel... A statement issued by officials from Belkin, which recently acquired the Linksys brand, said the vulnerabilities documented by Purviance had been fixed in the Linksys Smart Wi-Fi Firmware that was released in June... link for the Linksys Smart Wi-Fi Firmware:
    - http://support.linksys.com/en-us/support/routers/EA2700
    EA Series Linksys Smart Wi-Fi Firmware
    11/19/2012
    Ver.1.1.39.145204
    - http://downloads.linksys.com/downloa...e_11192012.txt


  3. #13
    Adviser Team AplusWebMaster's Avatar

    ASUS routers - critical updates ...

    FYI...

    ASUS routers - critical updates...
    - http://h-online.com/-1918469
    16 July 2013 - "... updates are available from the company's support page* for the two router models RT-AC66U and RT-N66U. The company says that it will offer fixes for the other affected models "soon". In the meantime, ASUS recommends turning -off- all AiCloud functions like Cloud Disk, Smart Access and Smart Sync."
    * http://www.asus.com/support/


  4. #14
    Adviser Team AplusWebMaster's Avatar

    D-Link routers backdoor vuln...

    FYI...

    D-Link routers back door vuln...
    - http://www.theinquirer.net/inquirer/...s-wifi-routers
    Oct 15 2013 - "... D-Link has hurriedly prepared a patch for WiFi routers that are affected by a recent security alert... In a statement on its website*, D-Link acknowledged the problem and said that it is "proactively working with the sources of these reports". In the meantime, the company has posted an interim firmware update to address the problem... a full fix will be with us by the end of October."
    * http://www.dlink.com/uk/en/support/security
    "... Disable remote access to your router if it is not required (this is disabled by default)... These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend all users to install the relevant updates..."

    - https://isc.sans.edu/diary.html?storyid=16802
    Last Updated: 2013-10-14 19:58:28 UTC - "... old d-link routers which allows the attacker to gain admin privileges in the router. The following models are affected:
    DIR-100
    DI-524
    DI-524UP
    DI-604S
    DI-604UP
    DI-604+
    TM-G5240
    DIR-615 ...
    ... check this page* to look for information on how to access the admin tool to change the password..."
    * http://support.dlink.com/emulators/w...ools_admin.htm

    Last edited by AplusWebMaster; 2013-10-15 at 15:13.

  5. #15
    Adviser Team AplusWebMaster's Avatar

    D-Link routers - Security Update

    FYI...

    D-Link routers - Security Update...
    - http://krebsonsecurity.com/2013/12/i...-link-routers/
    Dec 2, 2013 - "... Although the router models affected are fairly old, there are almost certainly plenty of these still in operation, as routers tend to be set-it-and-forget-it devices that rarely get replaced or updated unless they stop working... On Nov. 28, D-Link released a series of updates to fix the problem*..."
    * http://www.dlink.com/uk/en/support/security
    Update on Router Security issue
    ___

    D-Link routers authenticate administrative access using specific User-Agent string
    - http://securityadvisories.dlink.com/...?name=SAP10001
    Last updated: Dec 3, 2013
    Rev 9

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-6026 - 10.0 (HIGH)
    "... as exploited in the wild in October 2013."

    Last edited by AplusWebMaster; 2013-12-04 at 00:05.

  6. #16
    Adviser Team AplusWebMaster's Avatar

    Linksys router backdoor grants Admin access to Remote Users

    FYI...

    Linksys router backdoor grants Admin access to Remote Users
    - http://www.securitytracker.com/id/1029551
    Jan 3 2014
    Impact: User access via network
    Version(s): Models WAG200G, WAG320N, WAG54G2, WAG120N, WAP4410N; possibly other models
    Description: A vulnerability was reported in several Linksys Routers. A remote user can gain administrative access. A remote user can send specially crafted data to TCP port 32764 to execute commands on the target system with administrative privileges.
    The following devices are affected:
    Linksys WAG200G
    Linksys WAG320N
    Linksys WAG54G2
    Linksys WAG120N
    Linksys WAP4410N
    Other Linksys models may be affected.
    Routers from other companies may also be affected.
    The original advisory is available at:
    - https://github.com/elvanderb/TCP-32764
    Solution: No solution was available at the time of this entry...

    - https://isc.sans.edu/diary.html?storyid=17336
    Last Updated: 2014-01-02 22:13:53 UTC

    - https://www.grc.com/x/portprobe=32764

    - http://atlas.arbor.net/briefs/index#-1412990358
    Elevated Severity
    16 Jan 2014
    An undocumented backdoor in approximately twenty-five types of Cisco Small Business routers has been discovered.
    Source: http://www.tripwire.com/state-of-sec...nted-backdoor/

    Last edited by AplusWebMaster; 2014-01-17 at 04:48.

  7. #17
    Adviser Team AplusWebMaster's Avatar

    Linksys home routers targeted and compromised ...

    FYI...

    Linksys home routers targeted and compromised in active campaign
    - https://net-security.org/malware_news.php?id=2707
    Feb 13, 2014 - "... undetermined vulnerability affecting certain Linksys WiFi routers is being actively and massively exploited in the wild to infect the devices with a worm dubbed "TheMoon"* ... investigation started after they were notified by a Wyoming-based ISP that some of its customers have had their Linksys routers and home networks -compromised- in the last few days. "The routers, once compromised, scan port 80 and 8080 as fast as they can (saturating bandwidth available)"... it seems that the exploit doesn't work against Linksys' E1200 routers with the latest firmware, but E1000 routers are -vulnerable- even if they have the latest firmware. The worm also attempts to download a "second stage" binary, which includes a set of hard-coded netblocks (probably blocks it scans) and likely instructions for contacting C&C servers. Other files are also ultimately downloaded... Much is yet unknown about the situation, and while the researchers are delving into it, it might be a good idea to update your router's firmware and, if you know how, to switch -off- its remote administration..."
    * https://isc.sans.edu/forums/diary/Su...+Routers/17621

    ** https://isc.sans.edu/forums/diary/Li...Captured/17630

    Upgrading the Linksys router’s firmware ...
    - http://kb.linksys.com/Linksys/ukp.as...articleid=4030

    - http://support.linksys.com/en-us/support/routers/E1200

    - http://support.linksys.com/en-us/support/routers/E1000
    ___

    What we know so far...
    - http://isc.sans.edu/diary.html?storyid=17633
    Last Updated: 2014-02-13 18:37:18 UTC - "... At this point, we are aware of a worm that is spreading among various models of Linksys routers. We do not have a definite list of routers that are vulnerable, but the following routers -may- be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. The worm will connect first to port 8080, and if necessary using SSL, to request the "/HNAP1/" URL. This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision... the worm will send an exploit to a vulnerable CGI script running on these routers. The request does not require authentication. The worm sends random "admin" credentials but they are not checked by the script. Linksys (Belkin) is aware of this vulnerability. This second request will launch a simple shell script, that will request the actual worm. The worm is about 2MB in size, samples that we captured so far appear pretty much identical but for a random trailer at the end of the binary... We do not know for sure if there is a command and control channel yet. But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm. We call this a "worm" at this point, as all it appears to do is spread. This may be a "bot" if there is a functional command and control channel present..."
    (More detail at the ISC URL above.)
    ___

    - https://net-security.org/malware_news.php?id=2711
    Feb 18, 2014 - "... Administrators and users are advised to -Disable- Remote Administration of their device, which protects them from the attack."

    Last edited by AplusWebMaster; 2014-02-18 at 15:35.

  8. #18
    Adviser Team AplusWebMaster's Avatar

    Linksys EA2700, EA3500, E4200, EA4500 Authentication Bypass ...

    FYI...

    Linksys EA2700, EA3500, E4200, EA4500 Authentication Bypass ...
    - http://www.securitytracker.com/id/1029769
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-5122
    Feb 17 2014
    Impact: User access via network
    Version(s): EA2700, EA3500, E4200, EA4500
    Description: A vulnerability was reported in some Linksys Routers. A remote user can gain administrative access to the target system...
    On some systems, TCP port 443 may also be open.
    The vendor was notified in July 2013...
    Impact: A remote user can gain administrative access on the target system.
    Solution: No solution was available at the time of this entry...
    ___

    - https://secunia.com/advisories/56994/
    Release Date: 2014-02-24
    Criticality: Highly Critical
    Where: From local network
    Impact: Security Bypass...
    Operating System: Linksys E4200, EA2700, EA3500, EA4500
    ... vulnerability is currently actively exploited in the wild.
    ... exploited to gain access to otherwise restricted functionality via TCP port 8083.
    Solution: No official solution is currently available.
    ... Reported as a 0-Day...

    - https://www.grc.com/x/portprobe=8083

    - https://www.grc.com/x/portprobe=443

    - http://support.linksys.com/en-us/support/routers/EA2700

    Last edited by AplusWebMaster; 2014-02-24 at 18:40.
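
A log check for the traffic described in posts #16 to #18, added here as an example (not code from the thread or from any of the quoted advisories): it flags inbound connections to the ports those advisories name, and a router that contacts many distinct hosts on ports 80/8080 as the TheMoon reports describe. The netfilter-style KEY=value log layout, the addresses, the interface name and the threshold are assumptions.

```python
import re
from collections import defaultdict

ROUTER_IP = "198.51.100.2"   # assumed WAN address (documentation range)
# Inbound TCP ports named in the advisories quoted in this thread.
WATCHED_INBOUND = {
    32764: "TCP 32764 backdoor (Linksys WAG/WAP models)",
    8083: "Linksys EA-series authentication bypass",
    8080: "port TheMoon probes for /HNAP1/",
}
SCAN_PORTS = {80, 8080}      # ports a TheMoon-infected router scans
SCAN_THRESHOLD = 5           # assumed: distinct targets before alerting
FIELD = re.compile(r"(\w+)=(\S*)")

def analyze(lines, router_ip=ROUTER_IP):
    """Return (inbound_hits, scanning) for KEY=value firewall log lines."""
    inbound = []                  # (source, port, reason)
    targets = defaultdict(set)    # scanned port -> distinct destinations
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue              # skip non-TCP and malformed records
        port = int(f["DPT"])
        if f.get("DST") == router_ip and port in WATCHED_INBOUND:
            inbound.append((f.get("SRC", "?"), port, WATCHED_INBOUND[port]))
        elif f.get("SRC") == router_ip and port in SCAN_PORTS:
            targets[port].add(f.get("DST", "?"))
    scanning = {p: len(d) for p, d in targets.items()
                if len(d) >= SCAN_THRESHOLD}
    return inbound, scanning

# Constructed sample log (not captured traffic).
PFX = "Feb 13 10:00:00 gw kernel: "
SAMPLE = [
    PFX + "IN=wan0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40211 DPT=32764",
    PFX + "IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=8083",
    PFX + "IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=22",
    PFX + "IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=UDP SPT=51002 DPT=53",
]
# Router itself reaching out to many hosts on 8080, and only two on 80.
SAMPLE += [PFX + f"IN= OUT=wan0 SRC=198.51.100.2 DST=192.0.2.{i} PROTO=TCP SPT=3{i:04d} DPT=8080"
           for i in range(1, 8)]
SAMPLE += [PFX + f"IN= OUT=wan0 SRC=198.51.100.2 DST=192.0.2.{i} PROTO=TCP SPT=41000 DPT=80"
           for i in (50, 51)]

if __name__ == "__main__":
    hits, scanning = analyze(SAMPLE)
    for src, port, why in hits:
        print(f"inbound {src} -> port {port}: {why}")
    for port, n in scanning.items():
        print(f"router contacted {n} distinct hosts on port {port}: possible worm scanning")
```

Inbound hits on these ports matter only if the router actually exposes them on the WAN side, which is what the "disable remote administration" advice in the posts addresses.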

  9. #19
    Adviser Team AplusWebMaster's Avatar

    300,000+ wireless routers hijacked by criminals in global attack

    FYI...

    300,000+ wireless routers hijacked by criminals in global attack
    - http://www.welivesecurity.com/2014/0...global-attack/
    4 Mar 2014 - "More than 300,000 wireless routers worldwide are under the control of an unknown group of cybercriminals, who have made malicious changes to the devices’ settings, allowing the attackers to misdirect computers to websites of their choice. Ars Technica reports* that the attack, which began in January 2014, affects multiple brands of router, including devices from D-Link, Micronet, Tenda among others. Routers around the world are affected, with many victims in Vietnam, but other affected in Thailand, Colombia and Italy. Team Cymru**, the specialist security company which identified the attack said that the mass attack was the “latest in a growing trend” of cybercriminals targeting SOHO (small office/home office) routers as a way to target victims without compromising PCs directly..."
    * http://arstechnica.com/security/2014...cious-changes/
    "... The telltale sign a router has been compromised is DNS settings that have been changed to 5.45.75.11 and 5.45.76.36..."
    ** https://www.team-cymru.com/ReadingRo...g&pk_kwd=Media


  10. #20
    Adviser Team AplusWebMaster's Avatar

    Chameleon WiFi Virus spreads ...

    FYI...

    Chameleon WiFi Virus spreads ...
    - http://blog.malwarebytes.org/online-...s-like-a-cold/
    Mar 6, 2014 - "A team of researchers at the University of Liverpool developed a virus dubbed Chameleon that travels over WiFi networks and spreads “as efficiently as the common cold spreads between humans.” Unlike most viruses, Chameleon doesn’t go after computers or internet resources, but focuses on access points (APs), or where you connect to the internet. For the average home user, this is usually a wireless router. The research team says the virus spreads fast, avoiding detection and identifying “the points at which WiFi access is least protected by encryption and passwords.” If the virus hits a roadblock when trying to propagate, it simply looks for other access points “which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports”... It’s unfortunate that very few routers today have adequate anti-virus protection, if they have any at all. In addition, many consumers don’t ever change the default username and password on their routers, making it dreadfully susceptible to hijacking. Here are some measures you can take to protect yourself from these types of threats:
    • Change the default username and password on your home router
    • Ensure your WiFi network is password protected with a strong password
    • Avoid weaker wireless authentication protocols like WEP
    • Don’t broadcast your network’s name (SSID)
    • Avoid public networks and WiFi hotspots
    • Consider MAC address filtering to control which devices connect to your network "
    - Disable Remote Administration

    Last edited by AplusWebMaster; 2014-03-07 at 03:37.
