Home Routers Vulnerable to Remote Attack

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Saturday 2.8.2025 / 10:28

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - p2p software > home routers vulnerable to remote attack

Browse by topic

Forums

Start a new thread

Home Routers Vulnerable to Remote Attack

Jump to:

Posted

Message

jeffw224

Senior Member

20. January 2008 @ 07:16

Link to this message

The Register has a story on a design flaw in most home routers that allows attackers to remotely control the devices
and re-direct the user to fraudulent sites or turn the router into a zombie machine.

This flaw, discovered by Petko D. Petkov, is discussed in detail at his blog at GnuCitizen and there is also a FAQ.

The exploit works even if a user has changed the default password of the router.
And it works regardless the operating system or browser the computer connected to the device is running,
as long as it has a recent version of Adobe Flash installed.

The problem resides in Universal Plug and Play (UPnP) not using any authentication.
By exposing an end user to a malicious Flash file lurking on a website, attackers can use UPnP, to make significant modifications to the router.

Routers made by Linksys, Dlink and SpeedTouch have been confirmed to be vulnerable,
and other manufacturers' products are also likely susceptible to attack.

The only way to prevent an attack is to turn UPnP off.

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - p2p software > home routers vulnerable to remote attack


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.