New SOHO router security audit uncovers over 60 flaws in 22 models

Some of the vulnerabilities could allow attackers to take over the affected devices

ISP-provided routers are full of security vulnerabilities

ISP-provided routers are full of security vulnerabilities

In yet another testament of the awful state of home router security, a group of security researchers uncovered more than 60 vulnerabilities in 22 router models from different vendors, most of which were distributed by ISPs to customers.

The researchers performed the manual security review in preparation for their master's thesis in IT security at Universidad Europea de Madrid in Spain. They published details about the vulnerabilities they found Sunday on the Full Disclosure security mailing list.

The flaws, most of which affect more than one router model, could allow attackers to bypass authentication on the devices; inject rogue code into their Web-based management interfaces; trick users into executing rogue actions on their routers when visiting compromised websites; read and write information on USB storage devices attached to the affected routers; reboot the devices, and more.

The vulnerable models listed by the researchers were: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.

Some of the vulnerable Observa Telecom, Comtrend, ZyXEL and Amper models were distributed to customers by the Spanish ISP Telefonica. Vodafone also distributed one of the vulnerable Observa Telecom models, as well as the Huawei and Astoria ones.

The Sagem models were distributed by Orange, the Spanish ISP Jazztel distributed one of the Comtrend models and Ono, a Vodafone subsidiary in Spain, distributed the Netgear model.

Even though the group's research focused on routers that were given by ISPs to customers in Spain, some of the same models were likely distributed by ISPs in other countries as well.

Past research has shown that the security of ISP-provided routers is often worse than that of off-the-shelf ones. Many such devices are configured for remote administration to allow ISPs to remotely update their settings or troubleshoot connection problems. This exposes the routers' management interfaces along with any vulnerabilities in them to the Internet, increasing the risk of exploitation.

Even though ISPs have the ability to remotely update the firmware on the routers they distribute to customers, they often don't and in some cases the users can't do it either because they only have restricted access on the devices.

On the Observa Telecom RTA01N router, the Spanish research group found a hidden administrative account called admin with a hard-coded password that can be accessed via the Web-based management interface or via Telnet. Similar undocumented "backdoor" accounts have been found in other ISP-supplied routers in the past and were likely intended for remote support.

Twelve of the tested routers were vulnerable to cross-site request forgery (CSRF) attacks and in some cases it was possible to change their Domain Name System (DNS) configuration using the technique.

CSRF attacks use specifically crafted code inserted into malicious or compromised websites to force visitors' browsers to execute unauthorized actions on a different website. If the visitors are already authenticated on the targeted website, the action will be executed with their privileges.

The target website can also be a router's Web-based management interface that's only accessible over the local area network, in which case the user's browser allows the attacker to bridge the Internet and the LAN.

Security researchers recently uncovered a large-scale CSRF attack that targets over 40 router models and is designed to replace their primary DNS servers with a server controlled by hackers. Once that's done, the attackers can spoof any websites that users behind those routers try to access and can snoop on their Internet traffic.

Another serious flaw discovered by the Spanish researchers allows unauthenticated, external attackers to view, modify or delete files on USB storage devices connected to the Observa Telecom VH4032N, Huawei HG553, Huawei HG556a and Astoria ARV7510 routers. A similar vulnerability was identified in the past on popular Asus routers.

While some people could have claimed in the past that routers are not a target for attackers, that's no longer the case. There have been numerous large-scale attacks over the past several years that specifically targeted routers and other embedded devices: It's time for users to view their routers as more than magical boxes that give them Internet access.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags D-LinkLinksysonline safetynetgearintrusionbelkinZyxelExploits / vulnerabilitiesHuawei TechnologiesComtrendObserva TelecomSagem

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?