New SOHO router security audit uncovers over 60 flaws in 22 models

Some of the vulnerabilities could allow attackers to take over the affected devices

ISP-provided routers are full of security vulnerabilities

ISP-provided routers are full of security vulnerabilities

In yet another testament of the awful state of home router security, a group of security researchers uncovered more than 60 vulnerabilities in 22 router models from different vendors, most of which were distributed by ISPs to customers.

The researchers performed the manual security review in preparation for their master's thesis in IT security at Universidad Europea de Madrid in Spain. They published details about the vulnerabilities they found Sunday on the Full Disclosure security mailing list.

The flaws, most of which affect more than one router model, could allow attackers to bypass authentication on the devices; inject rogue code into their Web-based management interfaces; trick users into executing rogue actions on their routers when visiting compromised websites; read and write information on USB storage devices attached to the affected routers; reboot the devices, and more.

The vulnerable models listed by the researchers were: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.

Some of the vulnerable Observa Telecom, Comtrend, ZyXEL and Amper models were distributed to customers by the Spanish ISP Telefonica. Vodafone also distributed one of the vulnerable Observa Telecom models, as well as the Huawei and Astoria ones.

The Sagem models were distributed by Orange, the Spanish ISP Jazztel distributed one of the Comtrend models and Ono, a Vodafone subsidiary in Spain, distributed the Netgear model.

Even though the group's research focused on routers that were given by ISPs to customers in Spain, some of the same models were likely distributed by ISPs in other countries as well.

Past research has shown that the security of ISP-provided routers is often worse than that of off-the-shelf ones. Many such devices are configured for remote administration to allow ISPs to remotely update their settings or troubleshoot connection problems. This exposes the routers' management interfaces along with any vulnerabilities in them to the Internet, increasing the risk of exploitation.

Even though ISPs have the ability to remotely update the firmware on the routers they distribute to customers, they often don't and in some cases the users can't do it either because they only have restricted access on the devices.

On the Observa Telecom RTA01N router, the Spanish research group found a hidden administrative account called admin with a hard-coded password that can be accessed via the Web-based management interface or via Telnet. Similar undocumented "backdoor" accounts have been found in other ISP-supplied routers in the past and were likely intended for remote support.

Twelve of the tested routers were vulnerable to cross-site request forgery (CSRF) attacks and in some cases it was possible to change their Domain Name System (DNS) configuration using the technique.

CSRF attacks use specifically crafted code inserted into malicious or compromised websites to force visitors' browsers to execute unauthorized actions on a different website. If the visitors are already authenticated on the targeted website, the action will be executed with their privileges.

The target website can also be a router's Web-based management interface that's only accessible over the local area network, in which case the user's browser allows the attacker to bridge the Internet and the LAN.

Security researchers recently uncovered a large-scale CSRF attack that targets over 40 router models and is designed to replace their primary DNS servers with a server controlled by hackers. Once that's done, the attackers can spoof any websites that users behind those routers try to access and can snoop on their Internet traffic.

Another serious flaw discovered by the Spanish researchers allows unauthenticated, external attackers to view, modify or delete files on USB storage devices connected to the Observa Telecom VH4032N, Huawei HG553, Huawei HG556a and Astoria ARV7510 routers. A similar vulnerability was identified in the past on popular Asus routers.

While some people could have claimed in the past that routers are not a target for attackers, that's no longer the case. There have been numerous large-scale attacks over the past several years that specifically targeted routers and other embedded devices: It's time for users to view their routers as more than magical boxes that give them Internet access.

Join the PC World newsletter!

Error: Please check your email address.

Tags Huawei TechnologiesLinksysonline safetyObserva TelecomZyxelbelkinD-LinkExploits / vulnerabilitiesintrusionComtrendSagemsecuritynetgear

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?