Skip to main content

"Misfortune Cookie" Vulnerability on Multiple Broadband Routers

Last Update Date: 22 Dec 2014 10:56 Release Date: 22 Dec 2014 4098 Views

RISK: High Risk

TYPE: Operating Systems - Embedded OS

TYPE: Embedded OS

Many home and office/home office (SOHO) routers have been identitied to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device.


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Routers' Allegro RomPager versions prior to 4.34

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply an update.
    Check vendor websites for a firmware update that addresses this issue and apply it if available.

Vulnerability Identifier


Source


Related Link