Thousands of routers mandated for use by a major Singaporean telco and operated by “top enterprises” around the world are open to a remote zero-day exploit that allows the routers to be completely hijacked and that most users cannot defend against.
Vantage Point Security senior security consultant Lyon Yang does not wish to disclose the name of the affected internet provider but says the ZHONE routers are required for subscribers to be able to connect to the service.
“When the ISP ships the router, it comes with a shitload of vulnerabilities,” Yang told Vulture South ahead of a talk at the Hack in the Box conference this week.
“I quickly found a large number of routers on Shodan from users in different countries — some of the top enterprises use it.”
“The remote hijack vulnerability is really easy to pull off.”
The hack is one of seven vulnerabilities, all patched last week.