Hacking SOHO Routers

Home / Hacking, News, Security / Hacking SOHO Routers

May 18, 2008 PlanetCreator 0 Comments 0 tags

The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they fall short. We will use existing network tools to examine common vulnerabilities in a range of popular devices and demonstrate weaknesses in the security of those devices; additionally, we will examine common trends in security measures that have been duplicated across vendors, and examine how those trends help and hinder the security of their devices. In particular, we will examine the following home routers, which are some of the latest offerings from their respective vendors at the time of this writing:
* Linksys WRT160N
* D-Link DIR-615
* Belkin F5D8233-4v3
* ActionTec MI424-WR

The original article can be found at: http://www.sourcesec.com/Lab/soho_router_report.pdf

Conclusion:
Router manufacturers are increasing the security of their devices, however, home router security still has a long road ahead of it. Below is a table listing each of the devices and their associated, reasonably exploitable, vulnerabilities mentioned in this paper; these types of vulnerabilities must be considered by all vendors, and should be investigated by any consumer before purchasing a router.

Explore More

Critical Blind SQL Injection (vulnerability) in The Best Myanmar Website (burmeseclassic.com)

PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.burmeseclassic.com/ This vulnerability has been alerted to :- Webmaster of BurmeseClassic Applications: â€”â€”â€”â€” PlanetCreatorâ€™s_Universal_Advanced_Internet_Security_T00L System Time: â€”â€”â€”â€” (UTC+08:00) Yangoon, Myanmar

[Tut/Sources] References to poly/meta/permutation

Articles: Polymorphic engines – Trigger – SLAM #4 Code: http://vx.netlux.org/lib/static/vdat/tupoleng.htm Polymorphism ant Intel instruction format – LiTlLe VxW â€“ 29A #7 Code: http://vx.netlux.org/29a/29a-7/Articles/29A-7.027 Guide to improving Polymorphic Engines – Rogue

What Is a Hacker?

Hacker is one of those terms that has a different meaning depending on who uses it. Among programmers, to be a hacker is to be a star. Hackers are programming

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service