Published on March 22nd, 2015 📆 | 2651 Views ⚑0
‘Directory Traversal’ Flaw exposes 700,000 ADSL Routers provided by ISPs to remote hacking
Is your router vulnerable? At least 700,000 ADSL routers that ISPs gave to their customers are vulnerable to hacking
More than 700,000 ADSL routers provided to subscribers by ISPs around the world are vulnerable to remote hacking due to a flaw called ‘directory traversal’
The flaw was detected by Security researcher Kyle Lovett when he analysed some ADSL routers during his spare time. Upon investigation he found that hundreds of thousands of such routers made by different manufacturers, which are provided by ISPs may be vulnerable. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models. These routers have been distributed in countries such as Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. Some of these routers are also sold off the shelf in the United States and other countries.
The flaw that allows for the hacking to happen is called a “directory traversal” and appears in the router firmware component called webproc.cgi. A potential hacker can extract a config.xml file which contains the router’s configuration settings, the ISP connection username and password, the Wi-Fi password, and the client and server credentials for the TR-069 remote management protocol used by some ISPs.
The file also contains the password hashes for the administrator and other accounts on the device which can be easily hacked according to Lovett due to weak hashing algorithm.
Lovett found that all of these vulnerable routers were manufactured using firmware from Chinese company called Shenzhen Gongjin Electronics, which also does business under the trademark T&W. This company manufactures networking equipment for router vendors such as D-Link, Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear.
The identified router models were:
Observa Telecom BHS_RTA_R1A
As of now it is not known whether Shenzhen Gongjin Electronics knows about this vulnerability or has tried to patch it. Lovett has informed various manufacturers of routers listed above and disclosed the vulnerability at a security conference.