Popular Router Brands Vulnerable, Metasploit Module Available
A number of highly popular router brands, including Linksys, D-Link and Netgear, can be exploited to gain administrative access to the device.
Although mainly used for home networking, these devices are often deployed in companies for non-critical infrastructure (such as guest wireless networks that are not interconnected with the corporate network), since they are less expensive than their professional counterparts.
According to security researcher Phil Purviance, a number of Linksys routers are affected by a cross-site scripting vulnerability on the router's apply.cgi page, a file path traversal vulnerability, a source code disclosure issue, and a lack of cross-site request forgery validation.
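The four issues above are all failures of input or request validation in the router's embedded web interface. As an added illustration, not code from the article, from Purviance or from Linksys, the following Python stand-in for a settings handler shows the checks whose absence the article reports: a session-bound anti-CSRF token, a path-resolution routine that refuses traversal, and HTML escaping of reflected parameters. The request dictionary, the document root and the session key are constructed for the example and are not taken from any real firmware.

```python
import hmac
import hashlib
import html
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Hypothetical document root of an embedded admin UI (constructed for this example).
WEB_ROOT = "/www"


def csrf_token(session_key: bytes, session_id: str) -> str:
    """Derive a per-session anti-CSRF token as HMAC(session_key, session_id).

    Binding the token to the session means a page served from another origin
    cannot obtain or guess it, so a forged cross-site POST fails validation.
    """
    return hmac.new(session_key, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_valid(session_key: bytes, session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison so the token is not leaked through timing."""
    return hmac.compare_digest(csrf_token(session_key, session_id), submitted or "")


def resolve_static_path(requested: str) -> Optional[str]:
    """Map a user-supplied file name onto WEB_ROOT; return None on traversal attempts."""
    if not requested or requested.startswith("/") or "\x00" in requested:
        return None
    parts = PurePosixPath(requested).parts
    # Reject any '..' or '.' component outright rather than trying to normalise it away.
    if any(p in ("..", ".") for p in parts):
        return None
    return str(PurePosixPath(WEB_ROOT, *parts))


def handle_apply(request: dict, session_key: bytes) -> Tuple[int, str]:
    """Handle a settings-change POST the way a hardened apply.cgi-style page should.

    `request` is a constructed stand-in for the CGI environment:
      {"method": "POST", "session_id": "...", "form": {"csrf_token": "...", "hostname": "..."}}
    Returns an (HTTP status, response body) pair.
    """
    if request.get("method") != "POST":
        return 405, "method not allowed"
    form = request.get("form", {})
    if not csrf_valid(session_key, request.get("session_id", ""), form.get("csrf_token")):
        return 403, "invalid or missing CSRF token"
    # Reflected values are HTML-escaped so a crafted parameter cannot inject script.
    hostname = html.escape(form.get("hostname", ""), quote=True)
    return 200, f"<p>Settings applied for host {hostname}</p>"


if __name__ == "__main__":
    key = b"constructed-session-key"
    token = csrf_token(key, "sess1")
    print(handle_apply({"method": "POST", "session_id": "sess1", "form": {}}, key))
    print(handle_apply({"method": "POST", "session_id": "sess1",
                        "form": {"csrf_token": token, "hostname": "<script>x</script>"}}, key))
    print(resolve_static_path("css/style.css"), resolve_static_path("../etc/passwd"))
```

The traversal check deliberately rejects any `..` component instead of normalising the path, because normalisation on constrained firmware is a common source of bypasses; the CSRF check runs before any setting is touched, so an unauthenticated cross-site form submission never reaches the code that writes configuration.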
“During my research process, I thought it would be good to take a look at how Cisco’s newer devices (editor’s note: Linksys was sold to Cisco in 2003, which sold it on to Belkin International in March) did in regards to securing their administration features,” Purviance wrote in a blog post. “I chose the Linksys EA2700 Network Manager N600 Wi-Fi Wireless-N Router because it is a major brand device, and was recently released in March 2012, making it an easy choice for home users looking for an easy to use home Wi-Fi router. I hooked it up and spent maybe 30 minutes testing the security of the embedded website used to manage the device, then never used it again.”
Meanwhile, the team at Metasploit vendor Rapid7 has released a module for exploiting Netgear and D-Link models. The module automates exploitation for penetration testing purposes, but it can also allow a remote attacker to hijack the router and replace its original firmware with a compromised one.
Unlike operating systems, embedded devices rarely, if ever, get firmware updates. This gives cyber-crooks a larger window of opportunity in which the home user is completely vulnerable. You should check your router model to see if your firmware is affected and patch it immediately if a newer version is available. If not, you should probably consider installing a customized, actively maintained firmware such as DD-WRT or OpenWrt.