More than 700,000 Internet routers distributed by a variety of manufacturers around the world have a security flaw that makes them vulnerable to hacking, security researchers have found.
A so-called “directory traversal” flaw allows unauthorized users to gain access to administrative credentials and configuration data for the DSL systems.
Manipulating the configuration settings would not only allow a hacker to change the network’s WiFi password, but also let them use the routers as tools in cyberattacks.
{mosads}The flaw was confirmed in routers distributed by Internet service providers in India, China, Egypt and Argentina, among other countries. Few were located in the United States.
Security researcher Kyle Lovett, who discovered the vulnerability, found attackers traced to IP addresses in China were already probing the routers.
“Lovett found the vulnerable routers through Internet scans and by using SHODAN, a specialized search engine for Internet-connected devices. According to him, 700,000 is a conservative estimate and only covers devices that can be targeted remotely because they have their Web-based administration interfaces exposed to the Internet,” wrote Lucian Constantin, a correspondent for IDG News Service.