Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 5 December, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

700,000 routers affected by known flaws

by The Gurus
March 23, 2015
in Top 10 Stories
Share on FacebookShare on Twitter

More than 700,000 ADSL routers contain serious flaws that allow remote hackers to take control of them.
The routers, provided to customers by ISPs around the world, have a “directory traversal” flaw in a firmware component called webproc.cgi, which allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models.
Security researcher Kyle Lovett came across the flaw a few months ago in some ADSL routers he was analysing in his spare time. He investigated further and unearthed hundreds of thousands of vulnerable devices from different manufacturers that had been distributed by ISPs in a dozen countries.
According to Lovett, the hashing algorithm used by the routers is weak so the password hashes can easily be cracked. Attackers could then log in as administrator and change a router’s DNS settings. Most of the vulnerable devices he identified are ADSL modems with router functionality that were supplied by ISPs to customers in Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. A few were also found in the US and other countries, but they appeared to be off-the-shelf devices, not distributed by ISPs.
FULL STORY

FacebookTweetLinkedIn
ShareTweet
Previous Post

Snowden warns IT specialists "you are a Government target"

Next Post

Victims of Target must prove damage to claim compensation

Recent News

New Synopsys Report Reveals Application Security Automation Soars

December 5, 2023
Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud

Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud

December 5, 2023
Centripetal real logo

Centripetal Announces Partnership With Tiger to Provide Cybersecurity Innovation to the UK Market

December 5, 2023
Google bins inactive accounts

Google bins inactive accounts

December 1, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information