#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

router security | Breaking Cybersecurity News | The Hacker News

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
Oct 17, 2023 Data Security / Network Security
A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as  CVE-2023-43261  (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access logs such as httpd.log as well as other sensitive credentials. As a result, this could permit remote and unauthenticated attackers to gain unauthorized access to the web interface, thereby making it possible to configure VPN servers and even drop firewall protections. "This  vulnerability  becomes even more severe as some routers allow the sending and receiving of SMS messages," security researcher Bipin Jitiya, who discovered the issue,  said  earlier this month. "An attacker could exploit this functionality for fraudulent activities, potentially causing financial harm to the

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
Jul 14, 2023 Network Security / Malware
A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware  AVrecon , making it the third such strain to focus on SOHO routers after  ZuoRAT  and  HiatusRAT  over the past year. "This makes AVrecon one of the largest SOHO router-targeting botnets ever seen," the company  said . "The purpose of the campaign appears to be the creation of a covert network to quietly enable a range of criminal activities from password spraying to digital advertising fraud." A majority of the infections are located in the U.K. and the U.S., followed by Argentina, Nigeria, Brazil, Italy, Bangladesh, Vietnam, India, Russia, and South Africa, among others. AVrecon was  first highlighted  by Kaspersky senior security researcher Ye (Seth) Jin in May 2021, indicating that the malware has

Code Keepers: Mastering Non-Human Identity Management

Code Keepers: Mastering Non-Human Identity Management
Apr 12, 2024DevSecOps / Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
Jun 20, 2023 Network Security / Vulnerability
Taiwanese company ASUS on Monday  released firmware updates  to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability is currently awaiting analysis. The list of impacted products are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. Topping the list of fixes are  CVE-2018-1160  and  CVE-2022-26376 , both of which are rated 9.8 out of a maximum of 10 on the CVSS scoring system. CVE-2018-1160 concerns a nearly five-year-old out-of-bounds write bug in Netatalk versions before 3.1.12 that could allow a remote unauthenticated attacker to achieve arbitrary code execution. CVE-2022-26376 has been described as a memory corruption vulnerability in the Asuswrt firmware that could be triggered by mean

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
Jan 18, 2023 Network Security
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as  CVE-2022-4873  and  CVE-2022-4874 , concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running firmware versions earlier than R6B035 . "The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center (CERT/CC)  said  in an advisory published Tuesday. "The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network." Security researcher  Brendan Scarvell  has been credited with discovering and reporting the issues in October 2022. In a related developme

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
Jan 14, 2023 Network Security / Bug Report
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The  issues  are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system. The most severe of the two is CVE-2023-20025 (CVSS score: 9.0), which is the result of improper validation of user input within incoming HTTP packets. A threat actor could exploit it remotely by sending a specially crafted HTTP request to vulnerable routers' web-based management interface to bypass authentication and obtain elevated permissions. The lack of adequate validation is also the reason behind the second flaw tracked as CVE-2023-20026 (CVSS score: 6.5), permitting an attacker with valid admin credentials to achieve root-level privi

TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control

TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
Mar 17, 2022
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems," Microsoft's Defender for IoT Research Team and Threat Intelligence Center (MSTIC)  said . TrickBot, which emerged as a banking trojan in 2016, has evolved into a sophisticated and persistent threat, with its modular architecture enabling it to adapt its tactics to suit different networks, environments, and devices as well as offer access-as-a-service for next-stage payloads like Conti ransomware. The expansion to TrickBot's capabilities comes amid reports of its  infrastructure goin

Critical Flaws Discovered in Cisco Small Business RV Series Routers

Critical Flaws Discovered in Cisco Small Business RV Series Routers
Feb 03, 2022
Cisco has patched multiple critical  security vulnerabilities  impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers. Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service (DoS) conditions. The networking equipment maker acknowledged that it's "aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them. CVE-2022-20699

High-Severity RCE Flaw Disclosed in Several Netgear Router Models

High-Severity RCE Flaw Disclosed in Several Netgear Router Models
Sep 22, 2021
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as  CVE-2021-40847  (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700 (fixed in firmware version 1.0.2.26) R6700v3 (fixed in firmware version 1.0.4.120) R6900 (fixed in firmware version 1.0.2.26) R6900P (fixed in firmware version 3.3.142_HOTFIX) R7000 (fixed in firmware version 1.0.11.128) R7000P (fixed in firmware version 1.3.3.142_HOTFIX) R7850 (fixed in firmware version 1.0.5.76) R7900 (fixed in firmware version 1.0.4.46) R8000 (fixed in firmware version 1.0.4.76) RS400 (fixed in firmware version 1.5.1.80) According to GRIMM security researcher Adam Nichols, the vulnerability resides within Circle , a third-party component included in the firmware that offer

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
Aug 20, 2021
A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability, which the company said is due to improper validation of incoming UPnP traffic, could be abused to send a specially-crafted UPnP request to an affected device, resulting in remote code execution as the root user on the underlying operating system. "Cisco has not released and will not release software updates to address the vulnerability," the company  noted  in an advisory published Wednesday. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have  entered the end-of-life process .

Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers

Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers
Aug 10, 2021
Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as  CVE-2021-20090  (CVSS score: 9.9), the  weakness  concerns a  path traversal vulnerability  in the web interfaces of  routers with Arcadyan firmware  that could allow unauthenticated remote attackers to bypass authentication. Disclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone. Successful exploitation of the vulnerability could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make re

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Jul 01, 2021
Cybersecurity researchers have detailed critical security vulnerabilities affecting  NETGEAR DGN2200v1 series routers , which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three  HTTPd  authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since been  fixed by the company  in December 2020 as part of a coordinated vulnerability disclosure process. "The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer," Microsoft 365 Defender Research Team's Jonathan Bar Or  said . "As these types of attacks become more common, users must look to secure even the single-purpose software that run their hardware—like routers." In a nutshell, the flaws allow accessing router management pa

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
Dec 08, 2020
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks. D-Link DSR-150, DSR-250, DSR-500, and DSR-1000AC and other VPN router models in the DSR Family running firmware version 3.14 and 3.17 are vulnerable to the remotely exploitable root command injection flaw. The Taiwanese networking equipment maker  confirmed  the issues in an advisory on December 1, adding that the patches were under development for two of three flaws, which have now been released to the public at the time of writing. "

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach
Aug 20, 2020
The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan , for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also involved paying hackers $100,000 ransom to keep the incident secret. "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies," it says. The 2016 Uber's data breach exposed names, email addresses, phone numbers of 57 million Uber riders and drivers, and driver license numbers of around 600,000 drivers. The company revealed this information to the public almost a year later in 2017, immediately after Su

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
Mar 24, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982 , the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. While an 'opkg install' command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package or software update without verification. If exploited successfully, a remote attacker could gain complete control over the targeted OpenWrt network device, and subsequently, over the netwo

D-Link Agrees to 10 Years of Security Audits to Settle FTC Charges

D-Link Agrees to 10 Years of Security Audits to Settle FTC Charges
Jul 03, 2019
Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers. Your wireless router is the first line of defense against potential threats on the Internet. However, sadly, most widely-used routers fail to offer necessary security features and have often found vulnerable to serious security flaws, eventually enabling remote attackers to unauthorizedly access networks and compromise the security of other devices connected to it. In recent years, the security of wireless networks has been more of a hot topic due to cyber attacks, as well as has gained headlines after the discovery of critical vulnerabilities—such as authentication bypass , remote code execution , hard-coded login credentials , and information disclosure—in routers manufactured by various brands.

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released
Apr 09, 2019
A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it. Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable to three security vulnerabilities, identified as CVE-2019-3914, CVE-2019-3915, and CVE-2019-3916. The flaws in question are authenticated command injection (with root privileges), login replay , and password salt disclosure vulnerabilities in the Verizon Fios Quantum Gateway router (G1100), according to technical details Chris Lyne, a senior research engineer at Tenable, shared with The Hacker News. Authenticated Command Injection Flaw (CVE-2019-3914) When reviewing the log file on his router, Chris noticed that the "Access Control" rules in the Firewall settings, availabl

Netgear Now Collects Router 'Analytics Data' — Here's How to Disable It

Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It
May 22, 2017
Is your router collects data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but probably other router models would receive the update in upcoming days. The Netgear's alleged router analytics data collects information regarding: Total number of devices connected to the router IP address MAC addresses Serial number Router's running status Types of connections LAN/WAN status Wi-Fi bands and channels Technical details about the use and functioning of the router and the WiFi network. The company said it is collecting the data for routine diagnostic to know how its products are used and how its routers behave. "Technical data about the functioning and use of our routers and their WiFi network

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws
Apr 20, 2017
Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen of unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Routers models widely used today. IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that they discovered 10 bugs late last year in 25 different Linksys router models. Out of 10 security issues (ranging from moderate to critical), six can be exploited remotely by unauthenticated attackers. According to the researchers, when exploited, the flaws could allow an attacker to overload the router, force a reboot by creating DoS conditions, deny legitimate user access, leak sensitive data, change restricted settings and even plant backdoors. Many of the active Linksys devices exposed on the internet scanned by Shodan were using default credentials, making them susceptible to the

FTC Sues D-Link Over Failure to Secure Its Routers and IP Cameras from Hackers

FTC Sues D-Link Over Failure to Secure Its Routers and IP Cameras from Hackers
Jan 06, 2017
Image Source: Book - Protect Your Windows Network from Perimeter to Data The United States' trade watchdog has sued Taiwan-based D-link, alleging that the lax security left its products vulnerable to hackers. The Federal Trade Commission (FTC) filed a lawsuit ( pdf ) against D-Link on Thursday, arguing that the company failed to implement necessary security protection in its routers and Internet-connected security cameras that left "thousands of consumers at risk" to hacking attacks. The move comes as cyber criminals have been hijacking poorly secured internet-connected devices to launch massive DDoS attacks that can force major websites offline. Over two months back, a nasty IoT botnet, known as Mirai, been found infecting routers, webcams, and DVRs built with weak default passwords and then using them to DDoS major internet services. The popular Dyn DNS provider was one of the victims of Mirai-based attack that knocked down the whole internet for many users

MIT Researchers Solve the Spectrum Crunch to make Wi-Fi 10 times Faster

MIT Researchers Solve the Spectrum Crunch to make Wi-Fi 10 times Faster
Aug 24, 2016
While using your cell phone at a massive public event, like a concert, conference, or sporting event, you have probably experienced slow communication, poor performance or slow browsing speeds, as crowds arrive. That's because of ' Spectrum Crunch ', which means, Interference of WiFi signals with each other. WiFi signals of all cell-phones in a large event interfere with each other because they are all fighting over the same limited spectrum but there is not enough bandwidth to handle all the traffic from the cellphones that are trying to use the same frequency slice at the same time, leaving them frustrated with painfully slow Internet access. However, a team of researchers from the MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) has developed a solution for this problem. In a new research paper, 'Real-time Distributed MIMO Systems,' published online this week, the MIT team described a system for managing networks that cause the WiFi
Cybersecurity Resources