CERT mailing list archives

Previous By Date Next
Previous By Thread Next

"Misfortune Cookie" Broadband Router Vulnerability

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Sat, 20 Dec 2014 13:35:44 -0600
NCCIC / US-CERT

National Cyber Awareness System:

"Misfortune Cookie" Broadband Router Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2014/12/20/Misfortune-Cookie-Broadband-Router-Vulnerability ] 12/20/2014 
12:46 PM EST 
Original release date: December 20, 2014

Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie 
processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Users and administrators are encouraged to review Vulnerability Note VU#561444 [ http://www.kb.cert.org/vuls/id/561444 
], the Allegro Press Release [ 
https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html
 ], and Check Point's Security Advisory [ http://mis.fortunecook.ie/ ] for additional information and apply the 
necessary updates.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: