More than 700,000 ADSL routers provided to subscribers by ISPs around the world are vulnerable to remote hacking due to a flaw called “directory traversal.”
More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them. Security researcher Kyle Lovett first detected the vulnerability a few months ago while analyzing some ADSL routers in his spare time. Upon delving a bit deeper, he discovered hundreds of thousands of susceptible devices from different manufacturers that had been distributed by ISPs to subscribers in nearly a dozen countries.
Most of the routers were found to have a “directory traversal” flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data. It should be noted that the flaw isn’t entirely new; in fact, it was initially reported by multiple researchers dating back to 2011 in various router models that have been distributed in countries such as Colombia, India, Argentina, Thailand, Moldova…
View original post 298 more words