CVE-2014-9222: 12 million home and business routers vulnerable to critical hijacking hack Bug exposes user data, as well as computers, Web cams, and other connected devices. More than 12 million routers in homes and small offices are vulnerable to attacks that allow hackers anywhere in the world to monitor user traffic and take administrative control over the devices, researchers said. The vulnerability resides in RomPager software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controling Web cams, computers, or other connected devices. Researchers from Check Points malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the fortune of an HTTP request by manipulating cookies. They wrote: Fonte: arstechnica/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/ CVE-2014-9222: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222
Posted on: Tue, 23 Dec 2014 00:46:02 +0000
Trending Topics
Recently Viewed Topics
© 2015