News

Millions of routers vulnerable to attack with manipulated cookies

By admin
Spread the love

It is estimated that more than 12 million routers from D-Link, Huawei, TP-Link, ZTE and Zyxel can be attacked by sending a modified cookie file in an HTTP package. The attack method can give a hacker full access to the admin interface.

The bug, dubbed the Misfortune Cookie, was discovered by researchers at Check Point Software. The flaw can be found in RomPager, an embedded web server found in millions of routers and gateways. Sending a custom cookie in an http packet to a vulnerable device causes a memory error. This gives admin rights to each session, allowing an attacker to easily reconfigure a router or gateway.

Check Point calls Misfortune Cookie a serious vulnerability, partly due to the simplicity of the attack and because it is estimated that at least 12 million devices are vulnerable to the bug in RomPager. Devices can only be updated via a firmware update from the manufacturer. In some cases, an ISP or manufacturer can initiate this procedure remotely, but there are also situations that require a user to manually update by flashing the firmware.

So far, through a scan of various ports, Check Point has found vulnerable network equipment from D-Link, Huawei, TP-Link, ZTE and Zyxel, among others, in more than 200 different product types. The model numbers can be found in a PDF document.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory

News

Logitech acquires stream controller maker Loupedeck