Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

SOHO routers' security issues are again in the news

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

January 18, 2017

One more time, SOHO and home internet routers are again exhibiting lots of security issues.

Last year, millions of internet-facing devices, from home broadband routers to critical industrial equipment in production environments were still sharing well-known private keys for encrypting their internet communications.

Now it appears that Zyxel and Billion SOHO router units distributed in Thailand by TrueOnline have backdoors in them, and a security researcher who found the flaw says the vendors have ignored his attempts to notify users.

Long-time router security researcher Pablo Ribeiro went public with the news. He discovered default admin accounts and several command injection security vulnerabilities.

The three routers in question are the ZyXEL P660HN-T v1 (distributed up to 2013); the ZyXEL P660HN-T v2; and the Billion model 5200W-T, which is TrueOnline's current default unit for new customers.

The units all use the MIPS-based TC-3162U system-on-chip, manufactured by TrendChip (which has been acquired by Mediatek).

The vulnerable firmware is either the ZynOS-based “ras” (for low-power, small-memory units), or tclinux; and they use the BOA or Goahead Web server.

Ribeiro warns that his tests are specific to the Thai versions of the devices, but it's not likely to end there, he asserted.

About the hard-coded admin accounts, he writes-- “It should be noted that Tclinux contains files and configuration settings in other languages. For example, in Turkish. Therefore it is likely that these firmware versions are not specific to TrueOnline.”

He also warned that other ISP-customized routers in other countries could also be vulnerable as well.

Similarly, the command injection vulnerabilities probably affect units other than those sold in Thailand.

At this point, he writes, there is no fix. The only defence is that users may block any untrusted client to connect to the routers (on a best efforts basis).

Source: Pablo Ribeiro.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer