Over 650,000 ADSL routers that are extremely vulnerable to hacking have been distributed to the public by ISPs worldwide.
Of the numerous exposed flaws, one of the largest appears to be a directory traversal vulnerability in a component named webproc.cgi. This vulnerability allows hackers to gain access to admin credentials, potentially letting them steal data that’s important to the victim.
Perhaps the most astounding part of this story, though, is that researchers first discovered and exposed this flaw back in 2011, but in only a select few models.
More recently, though, a lone security researcher, Kyle Lovett, uncovered this vulnerability in a huge number of routers while analyzing some ADSL routers. After further investigation, he ended up uncovering hundreds of thousands of susceptible devices located around the world.
Just taking a wild guess, this happened on such a large scale, and the problem was swept aside for so long, because of the ISPs.
Most ISPs provide customers with (force them into using) their own ADSL modems, even if you want to use your own perfectly good one. Maybe they have a deal with the NSA, some custom spy software installed maybe?
So it’s no wonder that pushing these modems creates a mass risk of vulnerabilities being exploited.
There’s actually more than just the webproc.cgi flaw, though; there are several other massive flaws.
Around 60 percent of the modems have a hidden account, supposedly for “support purposes”, with a laughably easy-to-guess, hard-coded password. These 60% of devices all share the same password.
For a quarter of the routers, hackers are able to take a snapshot of the modem’s active memory. Of course this is a big issue, because this memory can contain credentials for previously visited websites, in plain text.
Worse yet, Lovett was able to track down the IP addresses of hackers exploiting these vulnerabilities, and most of the addresses were coming from China.
An expected fix for these vulnerabilities has yet to be rolled out, but for the time being you can check to see if your modem is affected by looking at the list – here