-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Millions of routers vulnerable to web attack
- Thread starter tyler811
- Start date
Gunslinger08
Lifer
The explanation of the exploit doesn't make any sense to me. Anybody have a better one?
BoberFett
Lifer
Doing a bit of reading, it sounds like DD-WRT, Tomato and the like may be vulnerable as well. I'm trying to find a better explanation of the exploit, appears to be a weakness of the built-in web server used for the web interface. The only recommendation seems to be to change the default admin password. Well duh.
DaveSimmons
Elite Member
Successful at being hacked, if you're stupid enough to leave your router set to the factory default password.
So: change the password and you can ignore the FUD.
So: change the password and you can ignore the FUD.
my TP Link router isn't on the list.
pontifex
Lifer
it mentions that even if the password is changed, vulnerabilities with the front-end can still let them in.
DaveSimmons
Elite Member
True, but that moves it from the hack they actually accomplished into "it still should be possible" territory.
Unless I misread it they only didn't bother to do any hacking of routers with changed passwords.
Rubycon
Madame President
That reminds me I need to change the combination on my grip!
http://www.youtube.com/watch?v=K95SXe3pZoY
😀
http://www.youtube.com/watch?v=K95SXe3pZoY
😀
lord_emperor
Golden Member
Even if it's fixed, good luck getting grandma to update her router firmware.
yhelothar
Lifer
Wow aren't you so wise hiding behind your hindsight.
Why else would there be a point in changing your router default password? It's not like someone on your network is going to hack into your router.
Miramonti
Lifer
Who's "you"?...everyone that buys their routers at Best Buy? Nah, the masses can't be that stupid...
StrangerGuy
Diamond Member
Slighty OT: How long does it takes to crack WEP/WPA?
tyler811
Diamond Member
Yes JJsole they are. I cannot tell you how many people I run into that buy products at BB and actually Geek Squad then call me to straighten things out. The money they throw away on anti virus and firewalls when all that is free on line.
When I tried out WEP for fun it took <15 minutes once I found the right wifi card. Didn't try WPA as I understand its basically just a dictionary attack
I will say some of the setups I have seen on routers have gotten a lot better. There were a couple I recently setup for friends that had prompted you to secure the network and change the password.
dfuze
Lifer
I thought I read an online security article a while back that said it could be done in a few minutes
Modelworks
Lifer
I believe this is the exploit that involves UPNP. It can work by just visiting a page that executes any code on the pc side. You go to a flash site, the flash code executes on your pc and sends a UPNP request to the router. UPNP does not require a password. Once the malware sends the request it can open ports, change DNS and many other things.
If you want to know how vulnerable your router is, download PNP tools.
http://opentools.homeip.net/dev-tools-for-upnp
After install run device spy
That will list all the pnp devices on the network
Find your router and click through the various folders
Anything with a purple icon can be done via PNP without your consent.
You can double click a purple icon to bring up a window that will let you execute the function
If you want to know how vulnerable your router is, download PNP tools.
http://opentools.homeip.net/dev-tools-for-upnp
After install run device spy
That will list all the pnp devices on the network
Find your router and click through the various folders
Anything with a purple icon can be done via PNP without your consent.
You can double click a purple icon to bring up a window that will let you execute the function
Last edited:
I don't even think Linksys and Dlink routers can be updated. It will do something for a bit then say "update failed" every single time.
Anubis
No Lifer
yea id like to know that as well, i have 2 in my house that are chained together, 1 is listed as No and other other as Yes
lol
gorcorps
aka Brandon
flexy
Diamond Member
You would be surprised how many people have some home-network with a wireless router...but dont even KNOW that there is an admin interface, let alone router settings or passwords...
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
-
-
