Check Point found a “Misfortune Cookie” vulnerability in various home gateway devices.
This is the paper about how to protect one’s device: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
This is especially disconcerting:
Any user traffic destined for banking or financial sites was redirected to malicious servers under the attackers control or redirected through SSL proxies where the security of the traffic was compromised via an SSL man-in-the-middle attack.
If your device has RomPager from AllegroSoft then there is a potential vulnerability on the device.
RomPager is an embedded web server. As part of the so-called “Internet of Things”, this software could be in almost any device that is on the network.
Here are some of the routers that are vulnerable:
D-Link DSL-2520U 1.08 Hardware Version: B1
D-Link DSL-2740R EU_1.13 Hardware Version: A1
AirLive WT-2000ARM 2.11.6.0(RE0.C29)3.7.6.1
The problem is that the web server identifies itself: if it responds with “Server: ZyXEL-RomPager/3.02” in the header field, then one knows it is vulnerable.
It looks like ZTE routers have it as well.
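The Server header check described above can be run over responses captured from your own devices. The following is an added example, not code from the whitepaper or from this post; the host names and sample responses are constructed, and any RomPager version other than the 3.02 banner quoted above is reported only as "potential", following the post's wording.

```python
import re

# Banner version this post names as vulnerable; any other RomPager version is
# reported as "potential" (assumption: the post gives no other version numbers).
KNOWN_VULNERABLE = {"3.02"}
BANNER_RE = re.compile(r"\bRomPager/(\d+(?:\.\d+)*)", re.IGNORECASE)


def server_header(raw_response: str):
    """Return the Server header value from a raw HTTP response, or None."""
    # Only the header section counts; a banner string in the body is ignored.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # names are case-insensitive
            return value.strip()
    return None


def classify(raw_response: str):
    """Return (status, version) for one captured response."""
    banner = server_header(raw_response)
    if banner is None:
        return ("no-server-header", None)
    match = BANNER_RE.search(banner)
    if match is None:
        return ("not-rompager", None)
    version = match.group(1)
    status = "vulnerable" if version in KNOWN_VULNERABLE else "potential"
    return (status, version)


# Constructed sample responses, keyed by hypothetical inventory names.
SAMPLES = {
    "gw-lobby": "HTTP/1.1 401 Unauthorized\r\nServer: ZyXEL-RomPager/3.02\r\nContent-Length: 0\r\n\r\n",
    "gw-lab": "HTTP/1.1 200 OK\r\nserver: RomPager/4.07 UPnP/1.0\r\n\r\nServer: ZyXEL-RomPager/3.02",
    "nas-1": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "cam-2": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


def audit(samples):
    """Classify every captured response in an inventory mapping."""
    return {host: classify(raw) for host, raw in samples.items()}


if __name__ == "__main__":
    for host, (status, version) in audit(SAMPLES).items():
        print(f"{host:10} {status:18} {version or '-'}")
```

A missing or altered Server header does not show that RomPager is absent, so treat "not-rompager" and "no-server-header" as inconclusive and confirm against the vendor's firmware information.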