Vulnerability in ADSL modem router: thousands of models at risk

Discovered a vulnerability in well 700 000 different models of ADSL modem router used in various countries, by telephone operators and ISP services.

As discovered by a security expert and researcher many ADSL modem router distributed by telephone operators directly to their subscribers ADSL ISP, presenting a problem of vulnerability, and then may be subject to attacks from remote.

ADSL Modem Router firmware security problem

ADSL Modem Router firmware security problem

Globally, the problem is present on about 700,000 models sold in recent years and the vulnerability has been identified in hardware routers but not in their firmware, in more detail in the file software webpro.cgi that can be attached and subsequently allows the exploitation File config.xml , that many will have already realized, it contains all the information and connection parameters of the router.

Being able to access the file config.xml attackers may change the connection data such as change in the parameters of the router DNS , which could redirect unsuspecting users on web pages full of malware and viruses that could be used in turn to understand personal information, account, bank details and so on.

Criminals may also steal your password is your normal ADSL Wifi and then get into your home network wireless and steal images, documents, video and so on.

But unfortunately the bad news does not end here; exploiting the same vulnerability hackers may also steal the contents of the dump files , temporary files that are inside of the router, and then steal personal account password you use to access the forums, social networks, websites.

Some of the modem router already known and at risk unless a future firmware upgrade, are the model ZTE H108N and H108NV2.1, the D-Link 2750E, 2730E and 2730U, the Sitecom WLM-3600, WLR-6100 and WLR-4100, FiberHome the HG110, Planet ADN4101, Digisol DG-BG4011N and Observa Telecom BHS_RTA_R1A; Unfortunately, some names may change from country to country and therefore are not all easy to identify.

For shared all this modem router have the same software developer of firmware: now suspect that the flaw would not have covered the Gongjin Electronics Shenzhen , the Chinese company that has contracted the development of these router software.

If you fear for your safety, and your modem router is in the list, proceed to the next automatic or manual updates of firmware, or at least ask for more clarification to the modem manufacturers or your telephone operators on how the situation is under management.