High Critical vulnerability has been discovered in this multifunctional device, quite popular all around the UK.
The problem:
The router can be totally owned remotely (Full Admin control).
Requirements:
The “victim” has to visit a malicious site. That’s it, no more no less, this could be easily done with a bit of Social engineering.
How:
Using an exploit to enable a backdoor.
What an attacker can do:
- Stealing VoIP credentials (Spying calls).
-Exposing internal hosts on the DMZ.
- Fake the DNS to steal bank credentials.
- Steal WEP/WPA key.
- Change the autoupdates to avoid this fix to be corrected.
and so on…
Here you are a little video showing it (Poor quality):
We have to thank all this information to GNUcitizen.
More details about the vulnerability here.
No Comments Yet
No comments yet.
Comments RSS TrackBack Identifier URI
Leave a comment
