0
0

[–] derram ago 

https://archive.is/5P7P5 :

ABBA-solutely crapulous! Swedish router-maker won't patch gaping hole • The Register

"The attack is possible because the firmware doesn't validate the Auto Configuration Server (ACS) certificate."

'"Inteno CPE WAN Management Protocol (CWMP) implementation (/bin/tr69c) fails to verify the server certificate validity. '

'"Operator that sells the CPE to end users or run their services over it should request software update from Inteno," Sintonen recounts. ', "The critical vulnerability, found by F-Secure's senior security consultant Harry Sintonen, allows anyone to get full admin privileges by staging a man-in-the-middle attack on certain types of Inteno routers."

'"Inteno do not do end user sales on CPE, we only sell through operators so such software features are directed through operators requests."'

This has been an automated message.