Anon Archived ABBA-solutely crapulous! Swedish router-maker won't patch gaping hole (theregister.co.uk)
submitted ago by 1266744?
Posted by: 1266744?
Posting time: 4.3 years ago on
Last edit time: never edited.
Archived on: 2/12/2017 1:51:00 AM
Views: 126
SCP: 5
5 upvotes, 0 downvotes (100% upvoted it)
Anon Archived ABBA-solutely crapulous! Swedish router-maker won't patch gaping hole (theregister.co.uk)
submitted ago by 1266744?
Sort: Top
[–] derram ago
https://archive.is/5P7P5 :
"The attack is possible because the firmware doesn't validate the Auto Configuration Server (ACS) certificate."
'"Inteno CPE WAN Management Protocol (CWMP) implementation (/bin/tr69c) fails to verify the server certificate validity. '
'"Operator that sells the CPE to end users or run their services over it should request software update from Inteno," Sintonen recounts. ', "The critical vulnerability, found by F-Secure's senior security consultant Harry Sintonen, allows anyone to get full admin privileges by staging a man-in-the-middle attack on certain types of Inteno routers."
'"Inteno do not do end user sales on CPE, we only sell through operators so such software features are directed through operators requests."'
This has been an automated message.