12 Million Home Routers Suspected of Misfortune Cookie Vulnerability

Check Point Software Technologies researchers have uncovered a vulnerability in millions of Small office/home office (SOHO) routers which they said has been around since 2002.  The Vulnerability Research Group detected approximately 12 million devices in 189 countries and said the vulnerability exists on many different models and makes from different manufactures, making this one of the most widespread vulnerabilities revealed in recent years.

“Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples’ homes,” said Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies.  The vulnerability has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over a gateway device with administrative privileges.

The affected software is the embedded web server RomPager from AllegroSoft, which is typically embedded in the firmware released with devices.  The researchers believe that devices containing RomPager services with versions before 4.34 (and specifically 4.07) are vulnerable*. The web server is the software we use to access and administer the device from a web browser on our PC.

For more information about Misfortune Cookie, affected devices, and how consumers and businesses can protect themselves from this vulnerability, please visit mis.fortunecook.ie.

*Note that some vendor firmware updates may patch RomPager to fix Misfortune Cookie without changing the displayed version number, invalidating this as an indicator of vulnerability. This does not mean all firmware versions of the device are vulnerable. It means at least one version of that device seemed vulnerable during our scans, performed November 2014. See the list of devices here.