Hacking SOHO Routers

Home / Hacking, News, Security / Hacking SOHO Routers

May 18, 2008 PlanetCreator 0 Comments 0 tags

The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they fall short. We will use existing network tools to examine common vulnerabilities in a range of popular devices and demonstrate weaknesses in the security of those devices; additionally, we will examine common trends in security measures that have been duplicated across vendors, and examine how those trends help and hinder the security of their devices. In particular, we will examine the following home routers, which are some of the latest offerings from their respective vendors at the time of this writing:
* Linksys WRT160N
* D-Link DIR-615
* Belkin F5D8233-4v3
* ActionTec MI424-WR

The original article can be found at: http://www.sourcesec.com/Lab/soho_router_report.pdf

Conclusion:
Router manufacturers are increasing the security of their devices, however, home router security still has a long road ahead of it. Below is a table listing each of the devices and their associated, reasonably exploitable, vulnerabilities mentioned in this paper; these types of vulnerabilities must be considered by all vendors, and should be investigated by any consumer before purchasing a router.

Explore More

Critical XSS Vulnerability in http://www.yangon.com.mm

PlanetCreator.Net’s Security Team Member has reported another critical XSS vulnerability on MM Search Engine http://www.yangon.com.mm These are some information from Vulneral Site http://www.yangon.com.mm: This vulnerability has been alerted to webmaster

Details on Sarah Pailnâ€™s email break-in

More details on how the hacker managed to break in VP candidate Sarah Palin emerged. The hacker who calls himself â€œrubicoâ€ posted on a blog on the methods he used

Friendster accounts hacking menace

Someone asked us recently how to hack a Friendster account. Of course, we refused point blank as hacking is not only illegal, it is utterly loathsome. It is none of

[local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
on May 1, 2025 at 12:00 am
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
[local] ZTE ZXV10 H201L - RCE via authentication bypass
on May 1, 2025 at 12:00 am
ZTE ZXV10 H201L - RCE via authentication bypass
[local] Daikin Security Gateway 14 - Remote Password Reset
on May 1, 2025 at 12:00 am
Daikin Security Gateway 14 - Remote Password Reset
[local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
on May 1, 2025 at 12:00 am
Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
[local] unzip-stream 0.3.1 - Arbitrary File Write
on April 30, 2025 at 12:00 am
unzip-stream 0.3.1 - Arbitrary File Write