Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#160017 20-Dec-2014 12:42
Send private message

CERT Vulnerability Note: Multiple broadband routers use vulnerable versions of Allegro RomPager

Overview
Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.

Description
Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device. According to Check Point's advisory, the vulnerability was addressed by Allegro in 2005 but is present in current or recent firmware releases of many devices.

Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on the device.

Solution
Apply an update
Check vendor websites for a firmware update that addresses this issue and apply it if available.

Use third-party firmware
Technical users may consider flashing to third-party firmware such as that provided by dd-wrt, openwrt, or others. Note that this action may invalidate device warranties.

Disable WAN services
If possible, disable services that listen for HTTP or HTTPS connections on the device's WAN side.

Check Point Software Technologies has published a list of devices (PDF) suspected of being vulnerable




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


Create new topic
Ragnor
8218 posts

Uber Geek

Trusted

  #1202073 22-Dec-2014 14:25
Send private message

That's a lot of consumer modems/routers... TP Link, D-Link, Huawei etc

Most of those models don't get firmware updates from the manufacturer anymore either!

I've always advocated avoiding the ISP provided routers but the cheap alternatives are just as bad. It's getting to the point where you want to put Mikrotik or Ubiquity stuff in for friends and family.... better safe than sorry.



ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #1202076 22-Dec-2014 14:27
Send private message

Sounds like as long as you disable remote admin, you're OK.  I still can't think of any good reason to have this open.

Ragnor
8218 posts

Uber Geek

Trusted

  #1202082 22-Dec-2014 14:32
Send private message

Generally remote web admin is disabled by default but the question is does the ui option in these devices really disable everything ie: disable all http from wan.

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.