View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
December 22, 2014

Misfortune Cookie vulnerability found on millions of SOHO routers

Vulnerability allows intruders to capture admin privileges and hack all devices connected to the router.

By CBR Staff Writer

Researchers at Check Point Software Technologies have discovered a new vulnerability that enables hackers to remotely capture residential gateway (SOHO router) devices.

The hackers are then able to capture all administrative privileges and hack all devices connected to the router.

Being assigned the CVE-2014-9222 identifier, the new vulnerability dubbed ‘Misfortune Cookie’ currently exists on millions of SOHO routers from different models and manufacturers, according to researchers at Check Point’s Malware and Vulnerability Research Group.

About 12 million readily exploitable devices are currently connected to the Internet globally, which makes it one of the most extensive vulnerabilities disclosed in recent years.

Check Point Software Technologies malware and vulnerability research manager Shahar Tal said: "Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples’ homes."

"At Check Point, we are dedicated to protecting the internet and its users by staying ahead of attackers."

"Our Malware and Vulnerability Research Group remains focused on uncovering security flaws and developing the necessary real-time protections to secure the Internet."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

The vulnerability would enable intruders to gain access to millions of routers globally and pinch confidential data from the wired and wireless devices connected to the network.

AllegroSoft’s embedded web server RomPager is the effected software, which comes wiith the firmware released with devices, the security firm added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.