Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 11:22 AM
http://mis.fortunecook.ie/
http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222%20
"Is it that bad?
Yes."
The TG582n is not listed in the known vulnerable routers - but conversely, have Plusnet verified it to be safe?
The vulnerability relates to a specific version of a specific embedded webserver prevalent in consumer routers from various vendors. But unfortunately the TG582n blanks out the server identity in its HTTP response, which means we have no idea what it's running.
$ telnet x.x.x.x 80
Trying x.x.x.x...
Connected to dsldevice.lan.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 302 Moved Temporarily
Date: Fri, 19 Dec 2014 11:19:30 GMT
Server:
Cache-control: no-cache="set-cookie"
ETag: "xxx-xxxxxxxx"
Content-length: 0
Connection: close
Set-Cookie: xAuth_SESSION_ID=xxxxxxxxxxxxxxxx; path=/;
Location: http://127.0.0.1:80/landing.lp
Connection closed by foreign host.
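Added example, not part of the original post and not Plusnet's or the router vendor's code: a banner check that treats the blank `Server:` header captured above as "unknown" rather than "safe". The product name and fixed version are constructed placeholders, because the thread does not name them.

```python
import re

# Placeholders: the thread names neither the affected server nor its fixed
# version, so fill these in from the advisory. Both values are constructed.
ADVISORY_PRODUCT = "ExampleHTTPd"
ADVISORY_FIXED_IN = (9, 9)

# Response headers as posted in the thread (CRLF line endings assumed).
THREAD_RESPONSE = (
    b"HTTP/1.0 302 Moved Temporarily\r\n"
    b"Date: Fri, 19 Dec 2014 11:19:30 GMT\r\n"
    b"Server:\r\n"
    b"Content-length: 0\r\n"
    b"Connection: close\r\n\r\n"
)
# Constructed response from a device that does disclose its server.
CONSTRUCTED_RESPONSE = b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/4.7 UPnP/1.0\r\n\r\n"


def server_header(raw: bytes):
    """Return the Server value, '' if the header is blank, None if absent."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("latin-1")
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def classify(raw: bytes, product=ADVISORY_PRODUCT, fixed_in=ADVISORY_FIXED_IN) -> str:
    banner = server_header(raw)
    if not banner:
        # Blank or missing banner: no evidence either way, so not "safe".
        return "unknown"
    m = re.search(re.escape(product) + r"/(\d+(?:\.\d+)*)", banner, re.IGNORECASE)
    if m is None:
        return "different-product"
    version = tuple(int(part) for part in m.group(1).split("."))
    return "below-fixed-version" if version < fixed_in else "at-or-above-fixed-version"


if __name__ == "__main__":
    for label, raw in (("thread", THREAD_RESPONSE), ("constructed", CONSTRUCTED_RESPONSE)):
        print(label, repr(server_header(raw)), classify(raw))
```

A banner is only a hint, since firmware can blank or rewrite it; a definitive answer has to come from the firmware vendor or the ISP.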
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 11:38 AM
Moved to Feedback as it isn't fibre specific
A thought - does blocking cookies in the browser stop this, and is it related to this in my router log?
Note the router can't spell either
Quote FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 125.41.79.63 Dst ip: 81.174.***.*** Type: Destination Unreachable Code: Port Unreacheable
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 1:14 PM
Quote from: Oldjim A thought - does blocking cookies in the browser stop this
No - this is about people on the Internet being able to break into your router from the outside. This will happen even if all your PCs are turned off, but the router is switched on.
"All an attacker needs in order to exploit Misfortune Cookie is to send a single packet to your public IP address."
Quote FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 125.41.79.63 Dst ip: 81.174.***.*** Type: Destination Unreachable Code: Port Unreacheable
The first IP address is in China, however the firewall log message is next to useless.
Either it means someone in China tried to connect to your router on a port which was not open (in which case your router would have sent back an ICMP "port unreachable"). Or it could be the opposite: your machine tried to connect outbound to this IP in China and the response back was ICMP "port unreachable", and the firewall has logged this response.
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 1:51 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 1:53 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 1:56 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
19-12-2014 9:25 PM
Using a TP-Link Archer VR600 modem-router.
Re: Is TG582n vulnerable to Misfortune Cookie?
05-01-2015 2:07 PM
This is a pretty serious vulnerability...
Re: Is TG582n vulnerable to Misfortune Cookie?
06-01-2015 1:50 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
14-01-2015 1:04 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
14-01-2015 3:53 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
15-01-2015 6:14 PM
Re: Is TG582n vulnerable to Misfortune Cookie?
16-01-2015 10:38 AM