Your wireless router could be hacked if you have this vulnerability

A team of researchers from Synopsys' Cybersecurity Research Center (CyRC) in Oulu, Finland have discovered a partial authentication byp...

A team of researchers from Synopsys' Cybersecurity Research Center (CyRC) in Oulu, Finland have discovered a partial authentication bypass vulnerability in multiple wireless router chipsets from Mediatek, Qualcomm (Atheros), Zyxel and Realtek.

The vulnerability, tracked as CVE-2019-18989, CVE-2019-18990 and CVE-2019-18991, affects Mediatek's MT7620N chipset, Qualcomm's AR9132, AR9283 and AR9285 chipsets and Realtek's RTL8812AR, RTL8196D, RTL8881AN and RTL8192ER chipsets. However, Synopsys was unable to identify a comprehensive list of vulnerable devices and chipsets as numerous wireless routers are affected by this vulnerability.

As part of its disclosure process, Synopsys engaged with all the manufacturers of the devices it tested. After reaching out to each manufacturer, the company only received a response from Zyxel though Mediatek notified D-Link regarding the matter during the disclosure process. Both Zyxel and D-Link confirmed that they have patches ready to fix the issue and these will be made available to their affected customers.

Authentication bypass vulnerability

According to a new blog post from Synopsys, the vulnerability allows an attacker to inject packets into a WPA2-protected network without knowledge of the preshared key. 

Upon injection, these packets are routed through the network in the same way valid packets are and responses to the injected packets return encrypted. However, since an attacker exploiting this vulnerability can control what is sent through the network, they would eventually be able to ascertain if the injected packets successfully reached an active system.

As a proof-of-concept, Synopsy researchers were able to open a UDP port in a router's NAT by injecting UDP packets into a vulnerable WPA2-protected network. The packets were able to route through the public internet before they were eventually received by an attacker-controlled host listening on a defined UDP port. Upon receiving this response, the attacker-controlled host can then use this opened UDP port to communicate back to the vulnerable network.

While access point manufacturers whose devices include the identified chipset can request patches from Mediatek and Realtek, end users with vulnerable access points are strongly encouraged to upgrade their devices as soon as possible or replace vulnerable access points with another access point.



from TechRadar - All the latest technology news https://ift.tt/2GIxZfy
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,108,Video,5,XIAOMI,13,YouTube - 9to5Google,107,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Your wireless router could be hacked if you have this vulnerability
Your wireless router could be hacked if you have this vulnerability
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/10/your-wireless-router-could-be-hacked-if.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/10/your-wireless-router-could-be-hacked-if.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy