Vulnerability was found in firmware of more than 12 million routers, and all connected devices were targeted for attack

ByDeclan ™

A vulnerability was discovered in Allegro Software 's firmware, which is developing embedded software for network - related devices. There are more than 12 million routers installing Allegro's firmware, but if these routers are attacked, all the connected devices may be remote controlled or monitored It is necessary for the user using the corresponding model to deal with something right now.

Misfortune Cookie - Allegro Software Urges Manufacturers To Maintain Firmware for Highest Level of Embedded Device Security

The vulnerability was found inAllegro SoftwareFirmware provided by "Allegro RomPager"ofVersion 4.34 or earlier. The vulnerability discovered this time will allow hackers to send cookies that will destroy the memory of the device and allow them to deprive administrator privileges "Misfortune Cookie(Unfortunate cookie) ". Simply put, if a hacker attacks a router installing Allegro RomPager 4.34 or earlier version,SSLThere is a possibility that contents of plaintext traffic that is not, DNS settings are changed, and all devices connected to routers such as PCs and web cams are remotely controlled and monitored.

The big problem is the number of routers on which Allegro RomPager 4.34 or earlier version was installed. Companies that develop and sell hardware and softwareCheck Point, It turned out that routers including vulnerabilities cross over 200 models with over 12 million units. Routers whose vulnerabilities have been found include companies such as ASUS, Buffalo, Huawei, Linksys, D-Link, Edimax, TP-Link, ZTE, and ZyXEL.

Allegro RomPager 4.34 and earlier versions are used for many homes and home office routers, and it is possible to check if your router is applicable by referring to the PDF file on pages 3, 4, and 5 of the following URLList of possible vulnerability modelsYou can see it when you see.

Word Template - misfortune - cookie - suspected - vulnerable.pdf
(PDF file)

If your router has Allegro RomPager 4.34 or earlier version installed, you need to update the version. If you can not update it immediately, you should take measures by applying third party firmware or disabling HTTP or HTTPS communication of the device.

in Hardware, Posted by darkhorse_log