More than 12 million readily exploitable unique devices connected to the Internet, present in 189 countries across the globe, are vulnerable to attacks that allow hackers to access users' machines and traffic and to take administrative control of the devices from anywhere in the world. The affected devices are home and office routers.
Researchers have found that versions of the RomPager software prior to 4.34, software more than 10 years old, are vulnerable to a critical bug dubbed Misfortune Cookie. The flaw is named Misfortune Cookie because it allows attackers to control the “fortune” of an HTTP request by manipulating cookies.
How do I find out whether this affects me?
If your gateway device is vulnerable, then any device connected to your network is exposed, including tablets, printers, security cameras, refrigerators, computers, phones and any other device on your home or office network. An attacker could steal your credentials and personal or business data, infect your machines with malware and over-crisp your toast.
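The version threshold above can be applied to an inventory of your own gateways by comparing the RomPager token in each device's HTTP `Server` header with 4.34. This is an added example, not code from the researchers or from this article. The function names and sample headers are constructed, and it assumes the header has the usual `RomPager/<major>.<minor>` form with a two-digit minor.

```python
import re

# First RomPager release the article treats as not affected ("prior to 4.34").
FIXED = (4, 34)

# Product token in the HTTP Server header, e.g. "RomPager/4.07 UPnP/1.0".
# Assumption: minor versions are written with two digits (4.07, 4.34, 4.51).
_BANNER = re.compile(r"RomPager/(\d+)\.(\d{2})\b", re.IGNORECASE)


def rompager_version(server_header):
    """Return (major, minor) from a Server header, or None if not RomPager."""
    m = _BANNER.search(server_header or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(server_header):
    """Label a Server header against the 4.34 threshold."""
    version = rompager_version(server_header)
    if version is None:
        return "not-rompager"
    return "vulnerable-version" if version < FIXED else "fixed-version"


def audit(inventory):
    """Return the names of devices whose banner is older than 4.34."""
    return sorted(name for name, header in inventory.items()
                  if classify(header) == "vulnerable-version")


# Constructed sample inventory: Server headers as an administrator might
# record them from the web interfaces of gateways they manage.
SAMPLE = {
    "office-gw": "RomPager/4.07 UPnP/1.0",
    "home-gw": "RomPager/4.51 UPnP/1.0",
    "lab-gw": "Allegro-Software-RomPager/4.34",
    "nas": "nginx/1.18.0",
    "old-gw": "rompager/3.12",
}

if __name__ == "__main__":
    for name, header in SAMPLE.items():
        print(f"{name:10} {header:32} {classify(header)}")
    print("follow up with vendor firmware:", audit(SAMPLE))
```

A banner is only a hint about the embedded version, so devices flagged here should be checked against the manufacturer's firmware release notes.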
How does this work?
“Attackers can send specially crafted HTTP cookies [to the gateway] that exploit the vulnerability to corrupt memory and alter the application and system state. Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control people's homes,” said Shahar Tal, malware and vulnerability research manager with Check Point. This, in effect, can trick the attacked device into treating the current session as having administrative privileges, to the misfortune of the device owner.
This vulnerability was discovered in 2002 and fixed 3 years later. The bug has been assigned the identifier CVE-2014-9222. Manufacturers affected included Edimax, Linksys, ZTE, Huawei, ZyXEL, TP-Link and D-Link.