Is your Linksys or Netgear router open to attack?
- 04 August, 2009 04:06
If you have a Linksys model WRT160N or Netgear RP614v4 router, it may be time to worry a little. At least according to a report out of Defcon from The Register. The vulnerability is based on CSRF, or cross-site request forgery, an issue with the cPanel web-based control software used to administrate the devices.
Basically, if you're logged into the router as an admin while you visit a seemingly benign site that contains a malicious cross-site request forgery, they can do all kinds of nasty stuff. They can change your admin login, load custom firmware, or change basically any setting they want.
cPanel is a fairly popular web-based hosting application, and of course companies like Linksys and Netgear often use similar code across a product line, so there may be quite a few other products compromised - the two mentioned above are just the two singled out by the security researchers.
Will it get fixed? Probably not. Researcher Mike Bailey is quoted saying, "The response I got from cPanel was we can't fix this because it's a feature. Apparently, they're worried it's going to break integration with third party billing software, so they can't fix this."
So if you use cPanel to administer your web site or router, for starters, only ever log in when you're not visiting any other websites and log out fully before you do anything else. The Register has more...