AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
allegrosoft rompager |
D1000 can be directed to drop its firewall, allowing access to panel over the internet
Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" has posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. The ZyXEL-built Eir D1000 [PDF] comes with an open TCP port, 7547, which is used by the CPE WAN Management Protocol to manage the modems on Eir's network. According to kenzo...
New claim: Homes, businesses menaced by vulnerable firmware
Infosec biz Check Point claims it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web. The commandeered boxes could be used to launch attacks on PCs and gadgets within their local networks. More than 12 million low-end SOHO routers worldwide are affected by the bug, dubbed Misfortune Cookie, we're told. At least 200 different models of devices from various manufacturers and brands are vulnerable, it's claimed, in...