Critical vulnerabilities in 13 models of home routers

Posted: April 19, 2013 in IT Security News

Critical vulnerabilities in Linksys, Belkin, Netgear, Verizon and D-Link routers

Independent Security Evaluators has released information about critical vulnerabilities in 13 popular home router models from Linksys, Belkin, Netgear, Verizon and D-Link. A critical vulnerability here is one that allows an attacker to gain complete control over the device's configuration settings.

Researchers at Independent Security Evaluators have disclosed only part of the details of the holes they found.

The experts say they have contacted the device vendors and given them the information needed to create fixes. However, Independent Security Evaluators has been slow to disclose the list of vulnerable models or a detailed description of the flaws.

At the same time, the company has published a table showing the results of exploiting the vulnerabilities on different devices. The abbreviation TBA in the table stands for router models whose names it is too early to disclose.

Note that the researchers call an attack trivial (Trivial) if it can be carried out without any user involvement, and unauthenticated (Unauthenticated) if it needs only minimal involvement, such as the user clicking a link to a malicious site. Authenticated attacks (Authenticated), in turn, assume that the victim has an active session at the time of the attack.

At the moment, several of the vulnerabilities have been assigned CVE numbers. The list is as follows:

CVE-2013-2644: FTP Directory Traversal
CVE-2013-2645: Cross-Site Request Forgery
CVE-2013-2646: Denial of Service
CVE-2013-3064: Unvalidated URL Redirect
CVE-2013-3065: DOM Cross-Site Scripting
CVE-2013-3066: Information Disclosure
CVE-2013-3067: Cross-Site Scripting
CVE-2013-3068: Cross-Site Request Forgery
CVE-2013-3069: Cross-Site Scripting
CVE-2013-3070: Information Disclosure
CVE-2013-3071: Authentication Bypass
CVE-2013-3072: Unauthenticated Hardware Linking
CVE-2013-3073: SMB Symlink Traversal
CVE-2013-3074: Media Server Denial of Service

The report of Independent Security Evaluators can be found here.
