At least 700,000 routers given to customers by ISPs are vulnerable to hacking
More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.
Most of the routers have a “directory traversal” flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models.
Security researcher Kyle Lovett came across the flaw a few months ago in some ADSL routers he was analyzing in his spare time. He investigated further and unearthed hundreds of thousands of vulnerable devices from different manufacturers that had been distributed by ISPs to Internet subscribers in a dozen countries.