12M Routers Vulnerable To Critical Hijacking Hack

HardOCP News

You know, with this many vulnerable routers out there, chances are we all know someone using one.

The vulnerability resides in "RomPager" software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control.
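A defender-side check for the version threshold quoted above, added here as an example and not part of the original post: it classifies HTTP `Server` banners collected from devices you administer against the 4.34 cutoff. The function names, the sample inventory, and the assumption that the banner has the form `RomPager/<major>.<minor>` with a two-digit minor are illustrative.

```python
import re

# Threshold from the article quoted above: RomPager versions prior to 4.34 are affected.
FIXED_VERSION = (4, 34)

# Matches a "RomPager/<major>.<minor>" product token inside a Server header value.
# Assumption: minor versions are written with two digits (4.07, 4.34, 4.51).
_ROMPAGER = re.compile(r"\bRomPager/(\d+)\.(\d+)", re.IGNORECASE)


def rompager_version(server_header):
    """Return (major, minor) if the header names RomPager, else None."""
    m = _ROMPAGER.search(server_header or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(server_header):
    """Return 'vulnerable', 'patched', or 'not-rompager' for one banner."""
    version = rompager_version(server_header)
    if version is None:
        return "not-rompager"
    return "vulnerable" if version < FIXED_VERSION else "patched"


def audit(inventory):
    """Map device name -> classification; inventory maps name -> Server header."""
    return {name: classify(banner) for name, banner in inventory.items()}


# Constructed sample inventory (device names and banners are made up for illustration).
SAMPLE_INVENTORY = {
    "dsl-modem-livingroom": "RomPager/4.07 UPnP/1.0",
    "office-gateway": "RomPager/4.34",
    "lab-router": "RomPager/4.51 UPnP/1.0",
    "nas": "nginx/1.6.2",
    "printer": "",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{name:24} {verdict}")
```

A result of `not-rompager` only means no banner matched; firmware can hide or rewrite the `Server` header, so confirm the embedded web server version with the vendor's firmware notes.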
 
Bah. Most of the devices on the list are cheapie-shit routers. Bargain-bin specials that nobody in their right mind should be buying anyhow.

TP-Link, D-Link, Zyxel, etc, etc.
 
I have a TP-Link router running as a WAP, which is connected to a D-Link router. Luckily neither of my devices are on the list. Yay.
 
Since when is D-Link cheap crap? Personally I've always had better results with them than Linksys.

Has the router market changed so much after I bought my DIR-655 a looooonng time ago?

I have a 3 year old D-Link router that I never really think much about. I don't know the model number, but it's worked and after it was set up, I never had to do anything to mess with it. It doesn't need to be turned off and on to fix weird problems. It was pretty cheap from like a price thing, but without having to mess with it, I think it was a very good deal for the price.
 
Glad D-Link's gigabit DGL series (4100/4300/etc) are not on the list. Best SOHO routers ever ime.
 
I agree with MrPatate. ... My D-LINK DIR-655 has been the most reliable piece of electronics I've ever owned. I've had modems die, hard drives fail, video card swap-outs, monitors die, etc yet my DIR-655 still keeps on kicking. Before this router, I had Linksys and Belkin routers and I felt lucky if they lived a year before crapping out.
 
Bah. Most of the devices on the list are cheapie-shit routers. Bargain-bin specials that nobody in their right mind should be buying anyhow.

TP-Link, D-Link, Zyxel, etc, etc.

You are aware that is like 99% of the population....
 
Since when is D-Link cheap crap? Personally I've always had better results with them than Linksys.

Has the router market changed so much after I bought my DIR-655 a looooonng time ago?

D-link has always put out low end crud. The DIR-655 was a bright light in routers, but before that and after that, they haven't put out anything great.

Moved from a dying 655 to an Asus Dark Knight (RT-N66U) and it was great... until it started to overheat and get flaky.

However, after moving to a Mikrotik, I don't think I'll move back to anything else.
 
Using Engenius now but was using Linksys. Both have been solid and thankfully not on that list.
 
D-link has always put out low end crud. The DIR-655 was a bright light in routers, but before that and after that, they haven't put out anything great.

Moved from a dying 655 to an Asus Dark Knight (RT-N66U) and it was great... until it started to overheat and get flaky.

However, after moving to a Mikrotik, I don't think I'll move back to anything else.

Is there a US supplier and how is their support?
 
Love my Edgerouter. Highly recommended. Back on topic though, many of those routers are on the low end so not a big surprise.
 
Why would the HTTP port even be open to the public on a router anyway, unless it's forwarding to an internal web server? And how do you send a cookie to an HTTP server, isn't it usually a web page that "sends" it to the client?

Looks like I'm safe though. Using pfSense and an Actiontec (for FTTH service) and those aren't in the list.
 
Going to file this under click bait. It sounds like the vulnerability occurred on devices manufactured between 2002 and 2005. Chances are most of your SOHO devices this would have affected probably died by now. The Linksys model affected uses B wireless.
 