What's going on with "your router has a loophole, get a new one"? : IT with a radius of 300m (1amp 2 pages)

There was another interesting news last week. Manufacturing wireless LAN routers and other cholera plus announced that their support has been terminated for the vulnerability of the router and notified the solution.

The solution is to "stop using the router". After listening to this, "is that Ali? There may be a lot of people refusing to respond, but I think "this is a sincere response."

According to JVN (Japan Vulnerability Notes), the information portal that manages the identified vulnerabilities, in the cholera WLAN router "CG-WGR1200"

These three loopholes are obvious. This is a common type of vulnerability, and once the vulnerability is hit, the router device will be hijacked.

Router devices are characterized by "always connected to the Internet". If such "Internet frequently connected devices" are hijacked, you can connect to any server.

This may sound like a matter of course, for example, hijacking a router and sending requests to a specific Web server multiple times can illegally burden the other party. This is like a "F5 attack" that is reloaded repeatedly in a Web browser. Putting a load on the other party and interfering with the service in this way is called a "DoS attack".

The problem is that "the same router is sold in large quantities". If a malicious person hijacks a router with this vulnerability at the same time, a DoS attack will be carried out from a large number of devices. If it is a F5 attack is OK, if tens of thousands of DoS attacks at the same time, that is the most important. This is called distributed DoS and DDoS attacks. So far, DDoS attacks using routers have been observed, and alerts have been issued by the Police Department.

Vulnerability suddenly, becomes obvious, 0, almost unexpectedly. This is the same on any supplier's equipment. Not only for the above-mentioned suppliers and models of routers, but also for the equipment you use, please take this opportunity to know if the update appears. If you can, make sure that the automatic update function is available or not, and check that it is set correctly.