Reference: CERT-EU Security Advisory 2014-024
Title: SOHO routers vulnerabilities leading to man-in-the-middle attack [1]
Version history: 05.03.2014 Initial publication

Summary
=======

Various vulnerabilities and default configurations in several brands of SOHO routers allowed DNS misconfiguration on hundreds of thousands of devices. Because some organizations use such devices for various purposes in line with their security policies, CERT-EU has decided to send this advisory even if these devices are not connected to the main network.

In January 2004, Team Cymru's Enterprise Intelligence Services began investigating a SOHO pharming campaign that had overwritten router DNS settings in central Europe. To date, they have identified over 300,000 devices, predominantly in Europe and Asia, which have been compromised as part of this campaign. Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36.

Vulnerable systems
==================

Several SOHO router models, either because of reported vulnerabilities or simply because they are still running with the default configuration.

What can you do?
================

Check the DNS servers configured on your system and update the configuration of the router according to your policies and the manufacturer's specifications. At a minimum, we recommend changing the default administration passwords and, when possible, administering the device through the CLI instead of the web-based GUI.

More information
================

[1] https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
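One way to carry out the DNS check recommended under "What can you do?" on a client, shown as an added example that is not part of the CERT-EU advisory: it parses resolv.conf-style text and reports any nameserver matching the two addresses named above. The function names, the sample text and the use of /etc/resolv.conf are assumptions of this example.

```python
import ipaddress
from pathlib import Path

# Resolver addresses named in this advisory as set by the campaign.
ROGUE_RESOLVERS = {
    ipaddress.ip_address("5.45.75.11"),
    ipaddress.ip_address("5.45.75.36"),
}

def parse_nameservers(resolv_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        # Drop '#' and ';' comments, then look for 'nameserver <addr>'.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an IP literal, ignore the entry
        # Treat ::ffff:a.b.c.d the same as the plain IPv4 address.
        servers.append(getattr(ip, "ipv4_mapped", None) or ip)
    return servers

def rogue_entries(resolv_text):
    """Return configured resolvers that match the advisory's addresses."""
    return [str(ip) for ip in parse_nameservers(resolv_text)
            if ip in ROGUE_RESOLVERS]

# Constructed sample: settings a client might receive from a tampered router.
SAMPLE = """\
# constructed sample, not taken from a real host
nameserver 5.45.75.11
nameserver ::ffff:5.45.75.36
nameserver 192.0.2.53   ; constructed clean resolver
"""

if __name__ == "__main__":
    path = Path("/etc/resolv.conf")  # assumed location on Unix-like hosts
    text = path.read_text() if path.exists() else SAMPLE
    hits = rogue_entries(text)
    print("rogue resolvers configured:", ", ".join(hits) if hits else "none")
```

A client that uses the router itself as its resolver will not list these addresses locally, so the DNS settings in the router's own configuration still have to be checked.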