

Routers in the news pretty much means routers getting exploited by bad guys to do bad things. I am still waiting for a good news story about routers. The flaws that are exploited are documented on the Bugs page. Articles that offer security advice are listed on the Other router security advice page.

2022

DD-WRT and Asus can not be bothered fixing bugs

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
by Francesco Benvenuto of Cisco Talos, July 27, 2022

Talos found three vulnerabilities in open-source router firmware packages. The root cause in each case was a piece of code that had been taken from an open-source library owned by Broadcom. In each case, a specially crafted HTTP request can lead to memory corruption. All three router firmware vendors were contacted on April 11, 2022. FreshTomato issued a patch on May 6th. DD-WRT has not yet issued a patch. The bug also exists in Asus routers, both those running ASUSWRT (the factory-installed firmware) and the open-source firmware alternative known as Asuswrt-Merlin. It has been fixed in Asuswrt-Merlin as of version 386.7.

ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks

Black Lotus Labs is the threat intelligence division of Lumen Technologies. The malware seems to be using existing, known bugs to infect the routers. The routers are being hacked from the LAN side by malware running on Windows PCs. Some routers can limit the LAN-side devices that are allowed to communicate with the web interface. They found infections in these routers: Cisco RV 320, 325 and 420; Asus RT-AC68U, RT-AC530, RT-AC68P and RT-AC1900U; DrayTek Vigor 3900; and some unspecified NETGEAR devices. The malware does not survive a reboot of the router, so just as the home page of this site has suggested for a long time, periodic reboots are a good idea. They "have a narrow view" of the full extent of what the malware can do. That said, they are sure that it does DNS and HTTPS hijacking. Only routers with a MIPS processor are vulnerable. The malware tries to learn the public IP address of an infected router by calling out to, , and. One defense: if these calls fail, the malware deletes itself under the assumption that it is being run in an isolated sandbox. If you can, block these websites in your router.
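
The ZuoRAT item says the malware does DNS hijacking. A quick way to check for that from a LAN host is to ask the router's resolver and an independent resolver for the same names and compare the answers. The script below is an added example, not code from this page or from Black Lotus Labs; the router address 192.168.1.1, the reference resolver 1.1.1.1 and the names checked are assumptions to adjust for your own network. It speaks DNS over UDP by hand so it needs nothing beyond the standard library.

```python
"""Compare A-record answers from the router's resolver with a reference
resolver to spot DNS hijacking on the LAN side.

Added example, not from the page or from Black Lotus Labs.  Assumptions:
the router answers DNS on 192.168.1.1 and 1.1.1.1 is the reference
resolver; both are placeholders to change for your network.
"""
import socket
import struct

ROUTER_DNS = "192.168.1.1"      # assumption: typical SOHO gateway address
REFERENCE_DNS = "1.1.1.1"       # assumption: any resolver you trust more than the router
CHECK_NAMES = ["example.com", "example.net"]  # assumption: names to compare


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, then done
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes) -> set[str]:
    """Extract every A record address from a DNS response."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:              # non-zero RCODE: NXDOMAIN, SERVFAIL, ...
        return set()
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE/QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def resolve(name: str, server: str, timeout: float = 2.0) -> set[str]:
    """Send one UDP query to `server` and return the A addresses it gives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data)


def compare_answers(router: set[str], reference: set[str]) -> str:
    """Classify one name. Any overlap is normal for CDN names; disjoint sets are not."""
    if not router:
        return "no-answer"
    if router & reference:
        return "ok"
    return "MISMATCH"


def check_all(names=CHECK_NAMES, router_dns=ROUTER_DNS, reference_dns=REFERENCE_DNS):
    """Resolve each name against both servers and return a verdict per name."""
    results = {}
    for name in names:
        try:
            results[name] = compare_answers(resolve(name, router_dns),
                                            resolve(name, reference_dns))
        except OSError as exc:          # timeouts and refused/blocked queries land here
            results[name] = f"error: {exc}"
    return results


if __name__ == "__main__":
    for name, verdict in check_all().items():
        print(f"{name:30} {verdict}")
```

Run it from a machine on the LAN. A MISMATCH is worth a closer look but is not proof of hijacking: CDN and geo-DNS names legitimately return different addresses to different resolvers, so compare a few stable names (a bank, a mail provider) rather than CDN-fronted ones, and remember that a hijacked router may answer honestly for most names and lie only for a handful. The check is also blind if the router intercepts all outbound port 53 traffic, because then the "reference" query is answered by the router as well; in that case compare against an encrypted resolver or a lookup made from outside the network.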
