Is Your Biggest Cyber Vulnerability Your Router?

TheBestVPN found vulnerabilities in several big name routers.

Internet routers could be affected by a major security flaw that could let hackers infiltrate your home network.

Research from TheBestVPN found vulnerabilities in routers from some of the biggest device manufacturers around today, including those from NetGear, D-Link and ZTE.

The research team found that all three contained software flaws that could allow malicious access, which TheBestVPN says could result in "a complete takeover of your router."

The team says that the hack process is relatively straightforward, with the criminals simply needing to create a page with a basic JavaScript or HTML form. When a user clicks on this or lands on the webpage, external functionalities can be launched, allowing personal data to be exploited.

Craig Young, a computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT), says TheBestVPN is describing a multiple cross-site request forgery (CSRF) attack.

"The premise of CSRF is that an attacker can trigger a victim’s web browser to make HTTP requests to another web site without the target site recognizing that the request was forged," Young said. "In this case, the targeted web site would most likely be the web page for controlling router settings, but it could also be a server used for media streaming or file sharing. In most cases, a CSRF attack requires that the victim is logged into the vulnerable web site, but routers often have vulnerabilities which can be triggered by unauthenticated HTTP requests."

Since the devices are older, Young wonders if a security fix will be made available.

"A quick Google search indicates that these are all older devices which raises an interesting question of whether security fixes will be made available," Young said. "For a successful CSRF attack, the attacker needs to locate the victim’s router to relay an attack. An advanced user can thwart unsophisticated attempts to exploit these bugs by simply using a less common router address like 10.9.8.7 instead of 192.168.0.1. A more complete fix however would be to actively disable the HTTP management interface of the router so that it cannot be attacked."
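Young's description turns on the target site not recognizing that a request was forged. The sketch below is an added example, not code from the article, TheBestVPN or any router vendor: it shows the checks a management interface can apply so that forged and unauthenticated requests are refused. The function names, session id and sample requests are constructed, and 10.9.8.7 is the illustrative address from the quote.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumed never to change settings

def issue_token(server_key: bytes, session_id: str) -> str:
    """Per-session token the admin UI embeds in its own forms."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()

def source_origin(headers: dict) -> str:
    """scheme://host[:port] taken from Origin, falling back to Referer."""
    raw = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(raw)
    return f"{parts.scheme}://{parts.netloc}" if parts.netloc else ""

def check_request(method, headers, form, session_id, server_key, allowed_origins):
    """Return (allowed, reason) for one request to the management interface."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not session_id:  # settings must never change without a login
        return False, "no authenticated session"
    if source_origin(headers) not in allowed_origins:
        return False, "cross-site or missing Origin/Referer"
    expected = issue_token(server_key, session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(supplied, expected):  # constant-time compare
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample data (not from the article).
KEY = secrets.token_bytes(32)
SESSION = "sess-constructed-01"
ALLOWED = {"http://10.9.8.7"}

def demo():
    """Run the check over four constructed requests and return the verdicts."""
    own_form = {"wifi_name": "home", "csrf_token": issue_token(KEY, SESSION)}
    other = {"Origin": "http://other-site.example"}
    local = {"Origin": "http://10.9.8.7"}
    return {
        "genuine": check_request("POST", local, own_form, SESSION, KEY, ALLOWED),
        # Browser attached the session cookie, but the page was on another site.
        "forged": check_request("POST", other, {"wifi_name": "x"}, SESSION, KEY, ALLOWED),
        "no_token": check_request("POST", local, {"wifi_name": "x"}, SESSION, KEY, ALLOWED),
        "unauthenticated": check_request("POST", other, own_form, None, KEY, ALLOWED),
    }
```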

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.
