Extraneous Network Services Leave Home Routers Unsecure 63
An anonymous reader writes "Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."
slownewsday (Score:5, Interesting)
Simpler than that... (Score:5, Interesting)
LOADS of routers are pwned far more easily than that, from simple SQL injection (either via query string or crafting get/post requests), or there's sometimes bootloaders that give *full* access to the filesystem via TFTP (you can download all init scripts for example), you can sometimes find undocumented manufacturer backdoor passwords which are hard coded, and there's lots of misconfigured routers and you can often rely on trivial stuff like default passwords and what not. Even in 2013 there's lots of routers and similar equipment that are sold or configured in a state that isn't far from swiss cheese...
It's rather easy to poke at the firmware and finding holes using binwalk and IDA Pro if you have basic RE knowledge.
To be clear (Score:5, Interesting)
I looked at some of the source code, and the bash commands they execute, and it looks like you have to be on the local (class C) lan in order to attack at least the Linksys beast (the 192.168.blah.blah sure looks like you can't get there from the WAN side), and if you have the services turned off, then you might be less vulnerable, and if you use hard, non-trivial, non-default passwords, that makes it harder too. I suppose it also helps if you have a router acting as a DNS server, after your WAN facing gateway, and the local DNS box not acting as the main switch (so to sum up, Gateway-DNS-Switch), with everything after the gateway as a Class C lan.