CERT mailing list archives
"Misfortune Cookie" Broadband Router Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Sat, 20 Dec 2014 13:35:44 -0600
NCCIC / US-CERT National Cyber Awareness System: "Misfortune Cookie" Broadband Router Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2014/12/20/Misfortune-Cookie-Broadband-Router-Vulnerability ] 12/20/2014 12:46 PM EST Original release date: December 20, 2014 Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. Users and administrators are encouraged to review Vulnerability Note VU#561444 [ http://www.kb.cert.org/vuls/id/561444 ], the Allegro Press Release [ https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html ], and Check Point's Security Advisory [ http://mis.fortunecook.ie/ ] for additional information and apply the necessary updates. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- "Misfortune Cookie" Broadband Router Vulnerability US-CERT (Dec 20)