The flaw was detected by Security researcher Kyle Lovett when he analysed some ADSL routers during his spare time. Upon investigation he found that hundreds of thousands of such routers made by different manufacturers, which are provided by ISPs may be vulnerable. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models. These routers have been distributed in countries such as Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. Some of these routers are also sold off the shelf in the United States and other countries. The flaw that allows for the hacking to happen is called a “directory traversal” and appears in the router firmware component called webproc.cgi. A potential hacker can extract a config.xml file which contains the router’s configuration settings, the ISP connection username and password, the Wi-Fi password, and the client and server credentials for the TR-069 remote management protocol used by some ISPs. The file also contains the password hashes for the administrator and other accounts on the device which can be easily hacked according to Lovett due to weak hashing algorithm. Lovett found that all of these vulnerable routers were manufactured using firmware from Chinese company called Shenzhen Gongjin Electronics, which also does business under the trademark T&W. This company manufactures networking equipment for router vendors such as D-Link, Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear. The identified router models were: As of now it is not known whether Shenzhen Gongjin Electronics knows about this vulnerability or has tried to patch it. Lovett has informed various manufacturers of routers listed above and disclosed the vulnerability at a security conference. ZTE H108NV2.1 D-Link 2750E D-Link 2730U D-Link 2730E Sitecom WLM-3600 Sitecom WLR-6100 Sitecom WLR-4100 FiberHome HG110 Planet ADN-4101 Digisol DG-BG4011N Observa Telecom BHS_RTA_R1A
