Real news from the privacy world

Hackers Are Able to Hijack over 12 Million Business and Home Routers Due to Critical Vulnerability


According to researchers, over 12 million routers in small offices and homes have a vulnerability that allows hackers anywhere in the world to monitor users' traffic and even gain administrative control of the devices.

The vulnerability resides in software called “RomPager”, made by a company named AllegroSoft and embedded into routers. RomPager versions lower than 4.34 contain a critical bug that lets attackers send simple HTTP cookie files. These files corrupt the device's memory and grant hackers administrative control. Attackers can then use that control to read plain-text traffic passing through the device and to take other actions, such as changing sensitive DNS settings and monitoring or controlling connected devices such as computers, web cams and similar. Researchers from Check Point’s malware and vulnerability group dubbed the bug Misfortune Cookie, because it allows hackers to determine an HTTP request’s ‘fortune’ by manipulating cookies.

Researchers wrote that a gateway device with this vulnerability makes every other device connected to your home or office network (including but not limited to computers, tablets, phones, security cameras, printers, refrigerators and toasters) much more vulnerable to being compromised. An attacker exploiting the Misfortune Cookie vulnerability can do anything from monitoring your Internet connection, stealing credentials and personal or business data, and infecting your machines with malware to over-crisping your toast.

Determining precisely which routers have this vulnerability is a frustrating undertaking. Devices often do not display identifying banners when they are accessed by unauthenticated users, and when such banners are presented, most of the time they do not include information about the underlying software components. On top of that, some device manufacturers patch the bug manually without upgrading the version of RomPager. This practice can generate false positives when devices running versions older than 4.34 are flagged automatically. To work around these challenges, Check Point researchers performed a comprehensive scan of Internet addresses that looked for vulnerable RomPager services. The results showed over 12 million unique devices containing the bug, spanning 200 different models. Affected manufacturers included D-Link, Linksys, Huawei, Edimax, ZyXEL, TP-Link and ZTE.

Check Point has not uncovered any evidence that the vulnerability is being actively exploited; however, researchers could not rule out that such attacks may have happened, either. Such in-the-wild exploits could, at least to a limited extent, explain hundreds of thousands of routers being remotely hacked on two separate occasions earlier this year. Moreover, following Thursday’s disclosure, blackhats may begin exploiting the vulnerability.

A fix for this critical vulnerability was made available three years after it was introduced in 2002. Check Point’s finding that over 12 million gateway devices are susceptible to Misfortune Cookie attacks shows that the fix has yet to be applied to a significant number of routers.

A guaranteed way for readers to be sure that their devices cannot be compromised through this critical vulnerability is to make sure that their gateway device is running RomPager version 4.34 or higher. However, as noted previously, routers running older versions may also have been patched manually.
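The version check described above, together with the earlier caveats about missing banners and manual patches, can be written as a small triage over `Server` headers already collected from your own devices. This is an added example, not code from the article or from Check Point; it assumes the banner contains a `RomPager/<major>.<minor>` token, and the inventory addresses and banners are constructed.

```python
import re

# First RomPager release containing the fix, per the article.
FIXED_VERSION = (4, 34)

# Assumption: the banner carries a "RomPager/<major>.<minor>" token,
# e.g. "RomPager/4.07 UPnP/1.0". Other banner layouts are not recognized.
_ROMPAGER = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify_banner(server_header):
    """Return (status, version) for one HTTP Server header value.

    "unknown"       - no banner, or a banner that does not name RomPager;
                      this does not prove RomPager is absent.
    "review"        - version below 4.34; may still be manually patched,
                      so confirm with the vendor's firmware notes.
    "fixed-version" - version 4.34 or higher.
    """
    if not server_header:
        return ("unknown", None)
    match = _ROMPAGER.search(server_header)
    if match is None:
        return ("unknown", None)
    # Compare as integer tuples so "4.07" sorts below "4.34".
    version = (int(match.group(1)), int(match.group(2)))
    if version < FIXED_VERSION:
        return ("review", version)
    return ("fixed-version", version)


def triage(inventory):
    """Group hosts by status. inventory maps host -> Server header or None."""
    groups = {"review": [], "fixed-version": [], "unknown": []}
    for host, header in sorted(inventory.items()):
        status, _ = classify_banner(header)
        groups[status].append(host)
    return groups


# Constructed sample inventory (documentation-range addresses).
SAMPLE_INVENTORY = {
    "192.0.2.1": "RomPager/4.07 UPnP/1.0",
    "192.0.2.2": "RomPager/4.34",
    "192.0.2.3": None,            # device shows no banner
    "192.0.2.4": "micro_httpd",   # banner does not name RomPager
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Hosts in the `unknown` group still need the firmware vendor's advisory or release notes to settle whether they embed RomPager at all.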

The risk posed by the vulnerability goes well beyond an attacker’s ability to monitor unencrypted data: it also gives them the ability to infect devices that are connected to the affected router. Routers can usually be configured with a firewall that filters out such remote attacks; however, the situation changes if they are affected by the Misfortune Cookie bug.

Protect yourself and your important and sensitive information with NordVPN's advanced encryption technology and many other features, such as double VPN and Tor over VPN. Putting such events aside, your activities are constantly being tracked by your ISP and even the government. Feel the freedom of the Internet by becoming one of our satisfied users, and take advantage of our current sale offers!
