"Misfortune Cookie" Vulnerability on Multiple Broadband Routers
Last Update Date:
22 Dec 2014 10:56
Release Date:
22 Dec 2014
4098
Views
RISK: High Risk
TYPE: Operating Systems - Embedded OS
Many home and office/home office (SOHO) routers have been identitied to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Routers' Allegro RomPager versions prior to 4.34
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply an update.
Check vendor websites for a firmware update that addresses this issue and apply it if available.
Vulnerability Identifier
Source
Related Link
Share with