The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: hacking router

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

March 05, 2020Mohit Kumar
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication and data transfer between nodes, primarily used to establish internet links such as those over dial-up modems, DSL broadband connections, and Virtual Private Networks. Discovered by IOActive security researcher Ilja Van Sprundel , the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections. The vulnerability , tracked as CVE-2020-8597  with CVSS Score 9.8, can be exploited by unau
125 New Flaws Found in Routers and NAS Devices from Popular Brands

125 New Flaws Found in Routers and NAS Devices from Popular Brands

September 17, 2019Swati Khandelwal
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc. Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router —a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances. In its latest study titled " SOHOpelessly Broken 2.0 ," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) de
Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

May 14, 2019Mohit Kumar
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or ๐Ÿ˜พ๐Ÿ˜พ๐Ÿ˜พ, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). Trust Anchor module (TAm) is a hardware-based Secure Boot functionality implemented in almost all of Cisco enterprise devices since 2013 that ensures the firmware running on hardware platforms is authentic and unmodified. However, researchers found a series of hardware design flaws that could allow an authenticated attacker to make the persistent modification to the Trust Anchor module via FPGA bitstream modification and load the malicious bootloader. "An attacker with root privileges on the device can modify the contents of
New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

January 28, 2019Mohit Kumar
If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week. Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released their proof-of-concept exploit code on the Internet last weekend. The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653), a combination of which could allow a remote attacker to take full control of an affected Cisco router. The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to the Cisco's advisory . Both the vulnerabilities, discovered and responsibly reported to the company by German s
New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

October 08, 2018Swati Khandelwal
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell. The vulnerability impacts Winbox—a management component for administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices. The vulnerability allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.&qu
VPNFilter Router Malware Adds 7 New Network Exploitation Modules

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

September 27, 2018Swati Khandelwal
Security researchers have discovered even more dangerous capabilities in VPNFilter —the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as 'Fancy Bear,' VPNFilter is a malware platform designed to infect routers and network-attached storage devices from 75 brands including Linksys, MikroTik, Netgear, TP-Link, QNAP, ASUS, D-Link, Huawei, ZTE, Ubiquiti, and UPVEL. In May, when VPNFilter infected half a million routers and NAS devices in 54 countries, the FBI seized a key command-and-control domain used by the malware and asked people to reboot their routers. Initially, it was found that VPNFilter had been built with multiple attack modules that could be deployed to the infected routers to steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infr
Destructive and MiTM Capabilities of VPNFilter Malware Revealed

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

June 06, 2018Swati Khandelwal
It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malware that infected more than 500,000 routers in at least 54 countries, allowing attackers to spy on users, as well as conduct destructive cyber operations. Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE. "First, we have determined that are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-L
FBI seizes control of a massive botnet that infected over 500,000 routers

FBI seizes control of a massive botnet that infected over 500,000 routers

May 24, 2018Swati Khandelwal
Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices  in 54 countries and likely been designed by Russia-baked state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday. Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home offices (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-access storage (NAS) devices. Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communic
Researchers unearth a huge botnet army of 500,000 hacked routers

Researchers unearth a huge botnet army of 500,000 hacked routers

May 23, 2018Swati Khandelwal
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter , that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations. The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well. VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factori
Hackers are exploiting a new zero-day flaw in GPON routers

Hackers are exploiting a new zero-day flaw in GPON routers

May 23, 2018Mohit Kumar
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers, manufactured by South Korea-based DASAN Zhone Solutions. The botnet, dubbed TheMoon, which was first seen in 2014 and has added at least 6 IoT device exploits to its successor versions since 2017, now exploits a newly undisclosed zero-day flaw for Dasan GPON routers. Netlab researchers successfully tested the new attack payload on two different versions of GPON home router, though they didn't disclose details of the payload or release any further details of the new zero-day vulnerability to prevent more attacks. Th
A Simple Tool Released to Protect Dasan GPON Routers from Remote Hacking

A Simple Tool Released to Protect Dasan GPON Routers from Remote Hacking

May 08, 2018Swati Khandelwal
Since hackers have started exploiting two recently disclosed unpatched critical vulnerabilities found in GPON home routers, security researchers have now released an unofficial patch to help millions of affected users left vulnerable by their device manufacturer. Last week, researchers at vpnMentor disclosed details of—an authentication bypass (CVE-2018-10561) and a root-remote code execution vulnerability (CVE-2018-10562)—in many models of Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions. If exploited, the first vulnerability lets an attacker easily bypass the login authentication page just by appending ?images/ to the URL in the browser's address bar. However, when coupled with the second flaw that allows command injection, unauthenticated attackers can remotely execute malicious commands on the affected device and modified DNS settings, eventually allowing them to take full control of the device remotely.
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware

APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware

March 09, 2018Swati Khandelwal
Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques. The hacking group used a piece of advanced malware—dubbed Slingshot —to infect hundreds of thousands of victims in the Middle East and Africa by hacking into their routers. According to a 25-page report published [ PDF ] by Kaspersky Labs, the group exploited unknown vulnerabilities in routers from a Latvian network hardware provider Mikrotik as its first-stage infection vector in order to covertly plant its spyware into victims' computers. Although it is unclear how the group managed to compromise the routers at the first place, Kaspersky pointed towards WikiLeaks Vault 7 CIA Leaks , which revealed the ChimayRed exploit , now available on GitHub , to compromise Mikrotik routers. Once the router is compromised, the attackers replace one of its DDL (dynamic link libraries)
Wikileaks Unveils 'Cherry Blossom' โ€” Wireless Hacking System Used by CIA

Wikileaks Unveils 'Cherry Blossom' — Wireless Hacking System Used by CIA

June 15, 2017Swati Khandelwal
WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed " Cherry Blossom ," the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its 'Cherry Bomb' project. Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware. "An implanted device [ called Flytrap ] can then be used to monitor the internet activity of and deliver software exploits to targets of interest." a leaked CIA manual  reads . "The wi
Netgear Now Collects Router 'Analytics Data' โ€” Hereโ€™s How to Disable It

Netgear Now Collects Router 'Analytics Data' — Here's How to Disable It

May 22, 2017Wang Wei
Is your router collects data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but probably other router models would receive the update in upcoming days. The Netgear's alleged router analytics data collects information regarding: Total number of devices connected to the router IP address MAC addresses Serial number Router's running status Types of connections LAN/WAN status Wi-Fi bands and channels Technical details about the use and functioning of the router and the WiFi network. The company said it is collecting the data for routine diagnostic to know how its products are used and how its routers behave. "Technical data about the functioning and use of our routers and their WiFi network
Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws

April 20, 2017Swati Khandelwal
Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen of unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Routers models widely used today. IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that they discovered 10 bugs late last year in 25 different Linksys router models. Out of 10 security issues (ranging from moderate to critical), six can be exploited remotely by unauthenticated attackers. According to the researchers, when exploited, the flaws could allow an attacker to overload the router, force a reboot by creating DoS conditions, deny legitimate user access, leak sensitive data, change restricted settings and even plant backdoors. Many of the active Linksys devices exposed on the internet scanned by Shodan were using default credentials, making them susceptible to the
Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

January 31, 2017Swati Khandelwal
Again bad news for consumers with Netgear routers: Netgear routers hit by another serious security vulnerability, but this time more than two dozens router models are affected. Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 models of Netgear models that potentially affects over one million Netgear customers. The new vulnerability, discovered by Trustwave's SpiderLabs researcher Simon Kenin, can allow remote hackers to obtain the admin password for the Netgear router through a flaw in the password recovery process. Kenin discovered the flaw ( CVE-2017-5521 ) when he was trying to access the management page of his Netgear router but had forgotten its password. Exploiting the Bug to Take Full Access on Affected Routers So, the researcher started looking for ways to hack his own router and found a couple of exploits from 2014 that he leveraged to discover this flaw which allowed him to query routers and retrieve thei
FTC Sues D-Link Over Failure to Secure Its Routers and IP Cameras from Hackers

FTC Sues D-Link Over Failure to Secure Its Routers and IP Cameras from Hackers

January 06, 2017Wang Wei
Image Source: Book - Protect Your Windows Network from Perimeter to Data The United States' trade watchdog has sued Taiwan-based D-link, alleging that the lax security left its products vulnerable to hackers. The Federal Trade Commission (FTC) filed a lawsuit ( pdf ) against D-Link on Thursday, arguing that the company failed to implement necessary security protection in its routers and Internet-connected security cameras that left "thousands of consumers at risk" to hacking attacks. The move comes as cyber criminals have been hijacking poorly secured internet-connected devices to launch massive DDoS attacks that can force major websites offline. Over two months back, a nasty IoT botnet, known as Mirai, been found infecting routers, webcams, and DVRs built with weak default passwords and then using them to DDoS major internet services. The popular Dyn DNS provider was one of the victims of Mirai-based attack that knocked down the whole internet for many users
Netgear launches Bug Bounty Program for Hacker; Offering up to $15,000 in Rewards

Netgear launches Bug Bounty Program for Hacker; Offering up to $15,000 in Rewards

January 06, 2017Mohit Kumar
It might be the easiest bug bounty program ever. Netgear launched on Thursday a bug bounty program to offer up to $15,000 in rewards to hackers who will find security flaws in its products. Since criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of things (IoT) devices, it has become crucial to protect routers that contain the keys to the kingdom that connects the outside world to the IP networks that run these connected devices. To combat this issue, Netgear, one of the biggest networking equipment providers in the world, has launched a bug bounty program focusing on its products, particularly routers, wireless security cameras and mesh Wi-Fi systems. Bug bounty programs are cash rewards given by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose for the patch release. Also Read:   How Hackers Hack Bank Acco
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.