Thursday, August 27, 2015

Misfortune Cookie - Routers firmware vulnerability

Misfortune Cookie
Misfortune Cookie is a firmware vulnerability in many older routers.
Once the embedded software running the device is exploited, the attacker can gain administrative privileges and use the device to gather data, steal credentials or upload malicious files to networked devices.

When the flaw was discovered in late 2014, it had already been in existence for a decade. The source of the issue is an error in the HTTP cookie-management mechanism in the device software. All the attacker has to do is send a single packet containing a malicious HTTP cookie to begin an exploit.

Lior Oppenheim, a researcher for network and endpoint security vendor Check Point Software Technologies Ltd., discovered the flaw, officially known as CVE-2014-9222. According to Check Point, the vulnerability affects over 12 million affected devices in 200 different models.
Although there have not yet been any documented Misfortune Cookie router attacks, Check Point is publicizing the vulnerability as a wake-up call for small office and home (SOHO) networks and the embedded device industry.

Check Point provides a list of suspected vulnerable routers on their website.

.... detail article at TechTarget.


Share It

Popular Posts