Security News

Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device. Some of the vulnerabilities can allow an unauthenticated, remote attacker who has access to this web interface to take complete control of the targeted router.

Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol feature of Cisco IOS XR Software and could allow an unauthenticated, remote attacker to immediately crash the Internet Group Management Protocol process, the company warned in an advisory over the weekend.

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.

Zyxel Communications announced the receipt of OnGo certification for its high-power LTE7485-S905 4G LTE-A outdoor router by the CBRS Alliance. For service providers, OnGo certification brings interoperability to multi-vendor, large-scale deployments, thus enabling best-of-breed solutions at competitive costs.

D-Link made available its EXO AX5400 Mesh WiFi 6 Router with ultra-fast speeds and efficient performance benefits of WiFi 6 protocol. The AX5400 Router is the latest model in D-Link's trio of best-in-class WiFi 6 routers developed for superior coverage, increased capacity, reduced network congestion, and improved device battery life in device-dense homes.

UPDATE. Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. The company says that routers that won't receive updates are outdated or have reached EOL. The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent attackers to bypass authentication on vulnerable Netgear routers - sans authentication.

Some vendors of low-cost devices are responsive to bug reports and publish security fixes promptly, which leads to another problem with the IoT ecosystem, namely that many consumers take a "Set and forget" attitude to these devices. So even if your home router gets updated reguarly with security improvements, when was the last time you went and checked if your device actually has the latest firmware version installed?

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices - and eavesdrop on all of the traffic and data that flows through them. The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router's firmware update functionality.

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel's water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry. A new round of attacks on Israel's water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities.