18 Apr 2013

Off-The-Shelf Routers Found Critically Vulnerable

Commercial routers were deemed vulnerable to authentication attacks that take complete control of router traffic.

Testing off-the-shelf routers from Linksys, Belkin, Netgear, Verizon and D-Link - all running the latest firmware updates - security company Independent Security Evaluators (ISE) found that traffic spoofing and complete control over DNS settings were possible in each case.

While some routers could only be compromised by an attacker with access to the same local network, others could be compromised remotely by an attacker holding valid authentication credentials.

“Unfortunately, there is little the average end-user can do to fully mitigate these attacks,” according to the ISE study. “Successful mitigation often requires a level of sophistication and skill beyond that of the average user (and beyond that of the most likely victims).”

Small office networks that rely on such routers remain exposed to these attacks, as vendors have not yet released firmware updates that address the identified vulnerabilities. While the average user might lack the knowledge to reconfigure an out-of-the-box router, network administrators are strongly encouraged to disable remote configuration settings and unneeded services, such as FTP (File Transfer Protocol), UPnP (Universal Plug and Play) or SMB (Server Message Block), as these can be exploited by skilled attackers.

Arguing that deploying vulnerable routers on large networks might leave Internet Service Providers (ISPs) exposed to attacks, ISE believes strict policies and configurations should be enforced.

“So far we have acknowledged that users belonging to an affected router's domains are at risk, but if any ISP deploys a router at scale with these types of vulnerabilities—or has many customers using routers with these types of vulnerabilities—an adversary may leverage the vulnerabilities to directly attack the provider, core infrastructure, or other organizational targets, e.g., corporations and nation-states,” said ISE. “This also presents a large surface for new botnet deployment or command and control (C2) strategies to facilitate DDoS attacks and cybercrime activities.”

Models such as the Linksys WRT310v2, Netgear's WNDR4700, TP-Link's WR1043N, Verizon's FiOS Actiontec MI424WR-GEN3I, D-Link's DIR865L and Belkin's N300, N900 and F5D8236-4 v2 were deemed vulnerable to authentication attacks from attackers with access to the local network.

Whether the affected routers will soon be patched via a firmware update has not yet been publicly disclosed. However, with proper configuration settings, network administrators and savvy users could successfully mitigate the likely attacks.