CERT Vulnerability Note: Multiple broadband routers use vulnerable versions of Allegro RomPager
Overview
Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.
Description
Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device. According to Check Point's advisory, the vulnerability was addressed by Allegro in 2005 but is present in current or recent firmware releases of many devices.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on the device.
Solution
Apply an update
Check vendor websites for a firmware update that addresses this issue and apply it if available.
Use third-party firmware
Technical users may consider flashing to third-party firmware such as that provided by dd-wrt, openwrt, or others. Note that this action may invalidate device warranties.
Disable WAN services
If possible, disable services that listen for HTTP or HTTPS connections on the device's WAN side.
Check Point Software Technologies has published a list of devices (PDF) suspected of being vulnerable.