New SOHO router security audit uncovers over 60 flaws in 22 models

Some of the vulnerabilities could allow attackers to take over the affected devices

ISP-provided routers are full of security vulnerabilities

ISP-provided routers are full of security vulnerabilities

In yet another testament of the awful state of home router security, a group of security researchers uncovered more than 60 vulnerabilities in 22 router models from different vendors, most of which were distributed by ISPs to customers.

The researchers performed the manual security review in preparation for their master's thesis in IT security at Universidad Europea de Madrid in Spain. They published details about the vulnerabilities they found Sunday on the Full Disclosure security mailing list.

The flaws, most of which affect more than one router model, could allow attackers to bypass authentication on the devices; inject rogue code into their Web-based management interfaces; trick users into executing rogue actions on their routers when visiting compromised websites; read and write information on USB storage devices attached to the affected routers; reboot the devices, and more.

The vulnerable models listed by the researchers were: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.

Some of the vulnerable Observa Telecom, Comtrend, ZyXEL and Amper models were distributed to customers by the Spanish ISP Telefonica. Vodafone also distributed one of the vulnerable Observa Telecom models, as well as the Huawei and Astoria ones.

The Sagem models were distributed by Orange, the Spanish ISP Jazztel distributed one of the Comtrend models and Ono, a Vodafone subsidiary in Spain, distributed the Netgear model.

Even though the group's research focused on routers that were given by ISPs to customers in Spain, some of the same models were likely distributed by ISPs in other countries as well.

Past research has shown that the security of ISP-provided routers is often worse than that of off-the-shelf ones. Many such devices are configured for remote administration to allow ISPs to remotely update their settings or troubleshoot connection problems. This exposes the routers' management interfaces along with any vulnerabilities in them to the Internet, increasing the risk of exploitation.

Even though ISPs have the ability to remotely update the firmware on the routers they distribute to customers, they often don't and in some cases the users can't do it either because they only have restricted access on the devices.

On the Observa Telecom RTA01N router, the Spanish research group found a hidden administrative account called admin with a hard-coded password that can be accessed via the Web-based management interface or via Telnet. Similar undocumented "backdoor" accounts have been found in other ISP-supplied routers in the past and were likely intended for remote support.

Twelve of the tested routers were vulnerable to cross-site request forgery (CSRF) attacks and in some cases it was possible to change their Domain Name System (DNS) configuration using the technique.

CSRF attacks use specifically crafted code inserted into malicious or compromised websites to force visitors' browsers to execute unauthorized actions on a different website. If the visitors are already authenticated on the targeted website, the action will be executed with their privileges.

The target website can also be a router's Web-based management interface that's only accessible over the local area network, in which case the user's browser allows the attacker to bridge the Internet and the LAN.

Security researchers recently uncovered a large-scale CSRF attack that targets over 40 router models and is designed to replace their primary DNS servers with a server controlled by hackers. Once that's done, the attackers can spoof any websites that users behind those routers try to access and can snoop on their Internet traffic.

Another serious flaw discovered by the Spanish researchers allows unauthenticated, external attackers to view, modify or delete files on USB storage devices connected to the Observa Telecom VH4032N, Huawei HG553, Huawei HG556a and Astoria ARV7510 routers. A similar vulnerability was identified in the past on popular Asus routers.

While some people could have claimed in the past that routers are not a target for attackers, that's no longer the case. There have been numerous large-scale attacks over the past several years that specifically targeted routers and other embedded devices: It's time for users to view their routers as more than magical boxes that give them Internet access.

Join the PC World newsletter!

Error: Please check your email address.

Tags Huawei TechnologiesLinksysonline safetyObserva TelecomZyxelbelkinD-LinkExploits / vulnerabilitiesintrusionComtrendSagemsecuritynetgear

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?