Router vulnerabilities have become frequent in recent years, and router vendors are often called out for security problems in the equipment they sell.
Last night, security research company Check Point claimed to have found a significant router vulnerability that could allow attackers to take control of home and small-business routers and, through the router, reach devices on the internal network. Check Point says the vulnerability affects at least 12 million routers produced by more than 20 vendors, including TP-Link, Huawei and other well-known vendors.
Given the breadth of the affected devices, this may be the most widely felt router security issue of recent times. Check Point has named it "Doom Cookie" (Misfortune Cookie) and has put a dedicated "Misfortune Cookie" page online to explain it.
What is the Misfortune Cookie?
Most router firmware is a customized Linux system that runs a number of services and components, such as ADSL dial-up and DHCP. The Misfortune Cookie flaw was found in RomPager, a component that provides the web server, developed by Allegro Software, a foreign company.
Allegro Software, in response to Re/code, said the Misfortune Cookie flaw is a bug from 12 years ago that was fixed 9 years ago. But many of Allegro's customers did not apply the patch; the company, which has more than 300 customers, did not force them to use the latest (patched) versions.
Incidentally, RomPager is used extensively in routers sold domestically and has often been found vulnerable; several TP-Link and Huawei router models have been affected.
Is this vulnerability credible?
Credibility is high, because RomPager really does have a lot of problems.
But Check Point's publication of the vulnerability is mixed with a lot of marketing. Reddit users noted that although Check Point quickly put up a page about the vulnerability, the page gave no details and instead stressed that Check Point firewalls provide very good protection, so it looks like a marketing advertisement.
In addition, the identifier Check Point disclosed for the vulnerability, CVE-2014-9222, has not yet been approved by the U.S. national information-security vulnerability platform, which looks very strange, like a book released without a publication number. On Reddit, @jifatal, suspected to be a Check Point employee, responded that the vulnerability platform would take some time to publish it.
How to protect yourself?
1. Replace the router; this PDF lists all the affected router models;
2. Close the ports open on the router or gateway, such as 80, 8080, 443, 7547, etc.;
3. Wait for the router manufacturer's security update.