Security researchers have discovered that over 12 million routers from brands like Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE and ZyXEL are at risk of attack due to a vulnerability in the RomPager software. Versions of RomPager prior to 4.34 contain a critical security bug that allows attackers to send HTTP cookie files that corrupt the router's device memory and hand over administrative control, allowing attackers to remotely monitor user traffic and more. Full details are at Ars Technica; a list of devices suspected to be vulnerable can be found here (PDF).
The vulnerability resides in "RomPager", software made by a company known as AllegroSoft and embedded into residential gateway devices. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controlling Web cams, computers, or other connected devices. Researchers from Check Point's malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the "fortune" of an HTTP request by manipulating cookies. They wrote:
If your gateway device is vulnerable, then any device connected to your network—including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network—may have increased risk of compromise. An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware, and over-crisp your toast.
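For an inventory check against the "prior to 4.34" cutoff above, the following added example (not code from Check Point or the article) classifies HTTP Server header values already collected from your own gateways. It assumes the embedded server identifies itself as `RomPager/<major>.<minor>`; the function names and sample banners are constructed for illustration.

```python
import re

FIXED = (4, 34)  # first RomPager version the article gives as not affected

# Assumption: the embedded server reports "RomPager/<major>.<minor>"
# in the HTTP Server response header.
_BANNER = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify(server_header):
    """Return 'vulnerable', 'fixed' or 'unknown' for one Server header value."""
    m = _BANNER.search(server_header or "")
    if not m:
        # Not RomPager, or the banner is suppressed: check the firmware release.
        return "unknown"
    # Compare as integer pairs so "4.07" sorts below "4.34" and "4.51" above it;
    # float or string comparison would misorder some versions.
    version = (int(m.group(1)), int(m.group(2)))
    return "vulnerable" if version < FIXED else "fixed"


def audit(inventory):
    """Map each host in {host: server_header} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE = {
    "192.0.2.1": "RomPager/4.07 UPnP/1.0",
    "192.0.2.2": "RomPager/4.34",
    "192.0.2.3": "RomPager/4.51 UPnP/1.0",
    "192.0.2.4": "nginx",
    "192.0.2.5": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```

A banner is only an indicator: treat "unknown" and "fixed" results as provisional until the installed firmware release is confirmed with the vendor.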