Security experts have discovered a critical new router vulnerability in some models of Inteno home routers that could allow remote malicious hackers to hijack the device and monitor all the internet traffic passing through it. According to F-Secure researchers, the flaw allows an attacker to install their own firmware to the device with back doors and other features to take complete control over the device.
If exploited, the remote hacker would potentially be “able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim’s browsing sessions by redirecting to malicious sites,” the researchers said While a router device usually receives firmware updates from the server associated with the user’s internet service provider (ISP), the vulnerable Inteno router models in this case do not validate the Auto Configuration Server (ACS) certificate (CWE-295). For the full article click here
from hacker samurai http://ift.tt/2bXJb3H
via IFTTT
No comments:
Post a Comment