Old routers form a weak link in your network security

Old equipment comes with security issues that may never receive fixes from the manufacturer. Routers, the most important element in the modern home, are prone to becoming outdated since they are typically used longer than the manufacturer will provide support, making them a certain target for hackers.

A recent example comes with the discovery of three vulnerabilities in several routers from D-Link. The security bugs affect at least six models from the manufacturer and, exploited together, make the routers not too difficult to compromise. The bad news is that the equipment reached end of life, meaning that they no longer benefit from updates.

The flaws were reported by security researcher B?a?ej Adamczyk, who discovered them in firmware for D-Link’s DWR-116, DWR-512, DWR-712, DWR-912, DWR-921, and DWR-111. These are just the devices where all three vulnerabilities exist, but the list of affected gadgets is not limited to them.

One of the security glitches discovered by Adamczyk is a directory traversal (CVE-2018-10822) in the web interface that allows an attacker to retrieve arbitrary files; leveraging it would let a hacker access sensitive areas in the router’s system reserved for storing configuration data or the administrative password for logging into the router’s web-based management console.

Another weakness, CVE-2018-10824, is storing the access password in plain text in an easy-to-reach directory. Combined with the details above, an attacker can easily navigate to the location containing the sensitive information.

The third bug, CVE-2018-10823, is a shell command injection that lets an authenticated intruder execute the code of their choice and, ultimately, take full control of the router. Since the authentication part is already solved by leveraging the previous two bugs, the hacker has free rein on the device.

With proof-of-concept code and technical details available for all three faults, cybercriminals only have to integrate the exploitation method into their attacks, scan the internet for targets, and assume command over them.

In research published earlier this year, Johannes B Ullrich, dean of research at the SANS Technology Institute, found that automated attacks hit vulnerable gadgets every two minutes. The assault originates from devices that the attacker has taken over and tasked to recruit new victims into the botnet.

Outdated routers are the bread and butter of cybercriminals, who know that the effort to keep them patched with the latest security fixes is too much for most of us; furthermore, we rarely realize that we connect to the internet via a device whose support period has ended.

Image credit: D-Link