• Best VPN
  • Research
  • Guides
  • News
  • VPN Reviews
    • Comparisons
  • Coupons
  • Contact
    • About us
  • EnglishEnglish
    • FrançaisFrançais
Facebook Twitter Instagram
Facebook Twitter Instagram
Your Trusted VPN Experts
  • Best VPN
  • Research
  • Guides
  • News
  • VPN Reviews
    • Comparisons
  • Coupons
  • Contact
    • About us
  • EnglishEnglish
    • FrançaisFrançais
Your Trusted VPN Experts
News

‘Misfortune’ Cookie Bug Puts 12 Millions Routers at Risk

Dan ParkerDan Parker
Share
Facebook Twitter Pinterest Email

According to a new report released by the infosec experts at Check Point Thursday morning, a new bug found in the guts of broadband routers around the globe could leave up to 12 million desktops, laptops, smartphones and tablets vulnerable to exploitation over the next six months.

The problem is the result of an error in HTTP cookie management that pops up whenever a user visits a webpage from their preferred device. This means that basically any device which uses the Internet through your home router is at risk, and marks one of the largest vulnerabilities discovered in the personal networking space to date.

Everything from D-Link to Huawei, Edimax, TP-Link, and ZTE routers are affected by the bug, many of which reside in some of the largest emerging low cost markets including China, India, and Russia.

“Attackers can send specially crafted HTTP cookies [to the gateway] that exploit the vulnerability to corrupt memory and alter the application and system state. This, in effect, can trick the attacked device to treat the current session with administrative privileges – to the misfortune of the device owner.”

The sheer magnitude of the number of available routers and ports that Misfortune Cookie can take advantage of is staggering, and proves that no matter how safe you think you are or how strong your firewall might be, there’s always going to be someone out there with the right set of tools designed to slip past when the big manufacturers finally let their guard down.

All told Check Point believes there are up to 200 affected models (all of which can be found listed in detail here), that will each need a full firmware flash in order to get running properly again.

A few of the models listed come with pre-built software designed to handle these types of threats, however they need to be manually activated, and customers will need to check their own equipment individually to find out if the option is available to them.

“We believe that devices exposing RomPager services with versions before 4.34 (and specifically 4.07) are vulnerable. Note that some vendor firmware updates may patch RomPager to fix Misfortune Cookie without changing the displayed version number, invalidating this as an indicator of vulnerability.”

For the time being, the one available workaround for the problem is to lock down your router’s public availability to ports on 80, 8080, 443, and 7547. That said, the researchers believe that a number of other connections could be affected, though they are still gathering early data sets that have yet to fully reveal the scope of how deep the Misfortune Cookie flaw really goes.

Must Read  Brave Bolsters Web Browser with Enhanced Privacy Features: Firewall and VPN

Check Point has petitioned RomPager to update AllegroSoft (though a proper release debuted in 2005, many major business and home networks have yet to install it for themselves). Until that happens, the researchers have warned that you should be explicitly aware of all the traffic coming to and from your routers, and more specifically, should be focusing closely on what ports are being used to transmit and receive information throughout the day.

Share. Facebook Twitter Pinterest LinkedIn Email
Previous ArticleHideMyAss launch revamped app with surprising new features
Next Article Visitors To High-Profile Websites Affected By Malvertising
Dan Parker

Dan is a technology reporter from San Jose, California, currently living right in the heart of Silicon Valley. Raised around tech, he's found interests in various gadgets and the companies that make them for years. When not blogging about tech, he can be found hunting for music, shredding the slopes in South Lake, or whipping up a dish for friends in the kitchen.

Related Posts

Proton VPN and Deutsche Welle join forces to circumvent online censorship

Brave Bolsters Web Browser with Enhanced Privacy Features: Firewall and VPN

A free VPN will soon be integrated into the Microsoft Edge web browser

NordVPN Birthday sale is on!

NordBF banner

Latest posts
  • Proton VPN and Deutsche Welle join forces to circumvent online censorship 03/24/2023
  • Brave Bolsters Web Browser with Enhanced Privacy Features: Firewall and VPN 03/23/2023
  • WireGuard VPN: everything you need to know about the fastest VPN protocol! 03/02/2023
  • A free VPN will soon be integrated into the Microsoft Edge web browser 02/23/2023
  • Why Your Business Needs A VPN Solution! 02/22/2023
Facebook Twitter Instagram Pinterest
  • About us
  • Contact
  • Privacy Policy
  • Sitemap
  • English
  • Français
© 2023 Copyright VPN Creative

Type above and press Enter to search. Press Esc to cancel.