Nearly 3/4 of a million modem/routers that various Internet Service Providers provided to their customers have a major vulnerability that means hackers could take control of the router and steal sensitive data. This affects ISP customers in 12 countries. In the United States, most of the routers appear to have been sold in stores and not supplied by Internet providers.
This flaw was brought to light by Cisco security researcher Kyle Lovett. The issue is in the firmware of the router. This flaw means that hackers could take control and direct you to fake sites instead of where you want to go on the Internet.
It looks as if many of these routers have hidden passwords that are pretty simple to guess. Crooks could then get into the memory and steal things like your credentials for logging on to certain sites.
Many of these devices were handed out by the Internet Service providers, but some were available for sale in stores. The affected devices include but are not limited to:
Sitecom WLM-3600, WLR-6100, WLR -4100
ZTE H108N, H108NV2.1
Planet ADN -4101
Digisol DG- BG4011N
This is not a complete list of affected routers. Lovett says many of the routers are rebranded by the ISPs and he doesn’t know the names they were distributed under. He has notified the affected vendors that he could identify about the issue.
It all seems to trace back to a flaw in firmware designed by Shenzhen Gongjin electronics. The company manufactures routers for a number of well-known router companies such as Asus, Belkin and Netgear, although not all of those devices run the affected firmware. Lovett says he expect this issue to end up affecting a lot more routers that those he initially named..
Right now there’s no definite list of every affected model. The hope is that once the vendors are notified, they can work with the manufacturer to update the firmware and distribute those patches to the ISPs who can then update the modem/routers. If I have information about firmware updates issued by manufacturers, I’ll let you know. If you have specific concerns about your router, contact the manufacturer or yoru Internet service provider.