LONDON: More than 12 million low-end SOHO routers worldwide are affected by the bug, dubbed Misfortune Cookie. At least 200 different models of devices from various manufacturers and brands are vulnerable, it’s claimed, including kit from D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
Anything connected to the network Cs, phones, tablets, printers, security cameras, refrigerators, or any other networked device is at risk from attack within that LAN, if a vulnerable router is compromised.
An attacker exploiting the Misfortune Cookie flaw could monitor victims’ web browsing, screw around with DNS, steal account passwords and sensitive data, infect other machines with malware, or control devices. According to Check Point:
Attackers can send specially crafted HTTP cookies [to the gateway] that exploit the vulnerability to corrupt memory and alter the application and system state. This, in effect, can trick the attacked device to treat the current session with administrative privileges to the misfortune of the device owner.
The affected software, it is told, is the web server RomPager from AllegroSoft, which is typically embedded in the firmware in router and gateway devices. The HTTP server provides the web-based user-friendly interface for configuring the products.
To close the security hole, CVE-2014-9222, one must patch the device’s firmware assuming this is even possible and user manufacturer has released an update. AllegroSoft apparently fixed the bug in 2005, but the corrected code has yet to make it into routers in homes and offices. The programming blunder was introduced in 2002 when the biz distributed the software to manufacturers, it’s claimed.
Even if the gateway is configured to not expose its builtin web server to the wider internet, many devices listen publicly on port 7547 to receive instructions from ISPs via the TR-069 or Customer Premises Equipment WAN Management Protocol allowing hackers to send a malicious cookie from far away to that port and hit the vulnerable server software.
One workaround would be to make sure users gateway or router’s web server is not open to the public on ports 80, 8080, 443, 7547, and possibly others. According to Check Point: