A computer security expert has discovered a security vulnerability in Eir routers which allows hackers to compromise the router and the whole internal network.
A Serious Vulnerability Was Identified in an Eir Router
A security expert has uncovered a serious bug in a router series which is used by the Irish ISP company Eir. The vulnerable model is the D1000 modem which has an open port that is linked to the remote management software used by the company to configure the device.
This allows attackers to carry out brute force or dictionary attacks on the device, thereby gaining access to its settings. Once the hackers have assumed control, they can modify the settings at will, which may lead to serious consequences including the following:
A previous flaw was identified in 2014 and tagged with the advisory ID CVE-2014-9222. The summary reads as follows:
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the “Misfortune Cookie” vulnerability.
This bug was patched in a firmware update released in 2015.
The latest vulnerability stems from the exposure of TCP port 7547, on which the TR-064 server runs. This service allows ISP technicians to configure the router via special software supplied with the device.
By definition, this function should not be accessible from the WAN side. Commands sent to it can be used to open ports, change various passwords, retrieve wireless security keys and disable firewall measures. The security researchers demonstrated how this can be used to open up the web configuration interface and expose it on port 80 to the outside network.
It appears that the default login password is the supplied Wi-Fi password, which can be easily obtained via a TR-064 command. Older versions of the device blocked access to the port except from the IP addresses of the management services that are owned by the ISP. For some reason, this measure is missing from the new routers.
Security researchers have identified other bugs in the device; however, they were quickly patched by the ISP. The device vendor has created a firmware patch which has been sent to Eir.
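The allowlist measure described above can be checked from firewall logs. The following Python sketch is an added example, not code from the researchers, Eir or the device vendor: it flags accepted WAN-side connections to the TR-064 port (7547) or the web interface (port 80) from sources outside the management range. The log format, the `wan0` interface name and the `192.0.2.0/28` management range are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the ISP's management servers sit in this range
# (RFC 5737 documentation prefix, used here as a placeholder).
MGMT_ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]
TR064_PORT, WEB_UI_PORT = 7547, 80  # ports named in the article

# Constructed sample log lines in an iptables-like key=value format.
SAMPLE_LOG = """\
IN=wan0 SRC=192.0.2.5 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=7547 ACTION=ACCEPT
IN=wan0 SRC=198.51.100.77 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=7547 ACTION=ACCEPT
IN=lan0 SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=50000 DPT=80 ACTION=ACCEPT
IN=wan0 SRC=198.51.100.77 DST=203.0.113.10 PROTO=TCP SPT=51240 DPT=80 ACTION=ACCEPT
IN=wan0 SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=7547 ACTION=DROP
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def is_management_source(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MGMT_ALLOWLIST)

def audit(log_text, wan_iface="wan0"):
    """Return (source, port, reason) for WAN traffic the allowlist should have stopped."""
    findings = []
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("IN") != wan_iface or f.get("PROTO") != "TCP" or f.get("ACTION") != "ACCEPT":
            continue  # only accepted TCP connections arriving on the WAN side matter
        try:
            port = int(f["DPT"])
            trusted = is_management_source(f["SRC"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than guess
        if trusted:
            continue
        if port == TR064_PORT:
            findings.append((f["SRC"], port, "TR-064 reachable from non-management WAN source"))
        elif port == WEB_UI_PORT:
            findings.append((f["SRC"], port, "web configuration interface reachable from WAN"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, only the two accepted connections from the non-management address are reported; the management-range source, the LAN-side request and the dropped packet are ignored.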