IT security experts have found that over 12 million routers running “RomPager” are vulnerable to hackers. The flaw is called “Misfortune Cookie”.
Many users have never heard of RomPager however it is actually among the most widely used Web server software in the world. Routers using this have been manufactured D-Link, Huawei, TP-Link, ZTE, Zyxel and several others manufacturers. Many manufacturers have responded and they are offering new firmware and patches to address the latest security threat.
So how does Misfortune Cookie work?
The Misfortune Cookie uses a vulnerability in RomPager to allow a hacker to send a single packet containing a malicious HTTP cookie to exploit the flaw. This exploit would corrupt memory on the device and allow an attacker to remotely gain administrative access to the device.
With the latest vulnerability Misfortune Cookie, home routers are at risk to remote attacks including your entire network including printers, NAS and many other devices. This is a huge security concern due to privacy violation but it also allows for future attacks such as installing malware on devices and making permanent configuration changes.
This WAN-to-LAN free-crossing is also bypassing any firewall or isolation functionality previously provided by your gateway and breaks common threat models. Hackers can try to access your webcam or extract data from your NAS drive.
How do you protect yourself from Misfortune Cookie?
Obviously the first step is to verify if there is an update for your router direct from the manufacturer. You can also ensure your router’s web server is not open to the public on ports 80, 8080, 443 and 7547.