Millions of Linksys, Netgear and other routers and IoT devices are vulnerable to DNS poisoning

by Hilbert Hagedoorn on: 05/05/2022 08:34 AM | source: Bleeping Computer | 10 comment(s)

An unresolved DNS vulnerability affects millions of Linksys and Netgear routers, as well as other IoT equipment. Nozomi Networks Labs security researchers found CVE-2022-05-02, a DNS implementation flaw in two prominent C libraries, uClibc and uClibc-ng, which are commonly found in routers and IoT devices.

DNS poisoning essentially fools the target device into pointing to an arbitrarily defined endpoint and communicating with it over the network. The attacker would then be able to divert traffic to a server under their direct control. A threat actor can employ DNS poisoning or DNS spoofing to send the victim to a malicious website hosted at an IP address on the attacker's server rather than the genuine destination. The flaw affects the library uClibc and the OpenWRT team's fork, uClibc-ng. Both are used extensively by major companies such as Netgear, Axis, and Linksys, as well as in embedded Linux releases. According to Nozomi Networks experts, a remedy from the uClibc developer is not yet available, putting products from up to 200 companies at risk.

  • "Because this vulnerability remains unpatched, for the safety of the community, we cannot disclose the specific devices we tested on," says Nozomi
  • "We can, however, disclose that they were a range of well-known IoT devices running the latest firmware versions with a high chance of them being deployed throughout all critical infrastructure."

Users of IoT and router devices should keep a lookout for new firmware releases from suppliers and install the most recent upgrades as soon as they are available.

Ub3rslay3r
Junior Member



Posts: 13
Joined: 2008-02-16

#6015928 Posted on: 05/10/2022 01:14 PM
I manually configure DNS on my network adapters.
Only needs to be done once.

Yeah, on everything myself I have DNS set up to 1.1.1.1!
I just read the CVE and some additional articles about it. Turns out static DNS addresses won't help here. Even if you have a static IP address on all of your devices, the DNS requests must still traverse your router and proceed to whatever destination you have set. Any infected device between the client and the DNS server can attempt to respond with a malicious DNS response while masquerading as the correct DNS server. DNS is a well-known protocol and is not encrypted.

Here's another interesting bit about DNS IP addresses. I know some ISPs and consumer routers (usually ISP rentals) have been known to replace the destination DNS IP address found in a packet with the "preferred" DNS IP address all done transparently to the user so you would never know, unless you have a packet sniffer sitting between the router and the ISP (which only catches the router's replacement and not the ISP's replacement). Destination DNS IP replacement is also very likely to happen with an infected router.
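
The post above points out that a device on the path can answer a query while posing as the configured DNS server. As an added example (not part of the original post, and not code from any vendor or library named on this page), this Python code audits the responses seen for one outstanding query: it rejects replies whose source, transaction ID or question do not match, and flags two matching replies that carry different addresses. The hostname, transaction IDs and answer addresses are constructed sample values, and the parser assumes well-formed messages.

```python
import struct

def build_response(txid, qname, ip):   # constructed test data, not captured traffic
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    head = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0) + name + struct.pack(">HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    return head + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + rdata

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:    # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)            # pointer = 2 bytes, root = 1

def parse_response(msg):
    """Return (txid, is_response, question name, tuple of A-record addresses)."""
    txid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    labels, off = [], 12
    while msg[off]:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    off, addrs = off + 5, []                       # root byte + QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off + 10:off + 14]))
        off += 10 + rdlen
    return txid, bool(flags & 0x8000), ".".join(labels).lower(), tuple(addrs)

def audit(query, observed):
    """query = (txid, qname, resolver_ip); observed = [(src_ip, payload), ...]."""
    txid, qname, resolver = query
    findings, accepted = [], set()
    for src, payload in observed:
        rid, is_resp, rname, addrs = parse_response(payload)
        if (src, rid, rname, is_resp) == (resolver, txid, qname.lower(), True):
            accepted.add(addrs)
        else:
            findings.append(("rejected", src, addrs))
    if len(accepted) > 1:       # one query, differing answers: possible poisoning
        findings.append(("conflict", resolver, tuple(sorted(accepted))))
    return findings

def demo():                     # constructed traffic, documentation-range addresses
    q = (0x1A2B, "updates.example.com", "1.1.1.1")
    seen = [("1.1.1.1", build_response(q[0], q[1], "192.0.2.10")),
            ("1.1.1.1", build_response(q[0], q[1], "203.0.113.66")),
            ("198.51.100.7", build_response(0x0001, q[1], "203.0.113.66"))]
    return audit(q, seen)
```

A reply that matches on every field cannot be told apart from the genuine one by these checks alone, which is why the conflict finding matters: it is the only signal left when the forger can see the query.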

Venix
Senior Member



Posts: 2978
Joined: 2016-08-01

#6015931 Posted on: 05/10/2022 01:27 PM
I just read the CVE and some additional articles about it. Turns out static DNS addresses won't help here. Even if you have a static IP address on all of your devices, the DNS requests must still traverse your router and proceed to whatever destination you have set. Any infected device between the client and the DNS server can attempt to respond with a malicious DNS response while masquerading as the correct DNS server. DNS is a well-known protocol and is not encrypted.

Here's another interesting bit about DNS IP addresses. I know some ISPs and consumer routers (usually ISP rentals) have been known to replace the destination DNS IP address found in a packet with the "preferred" DNS IP address all done transparently to the user so you would never know, unless you have a packet sniffer sitting between the router and the ISP (which only catches the router's replacement and not the ISP's replacement). Destination DNS IP replacement is also very likely to happen with an infected router.

I see, that seems like a major headache. Thanks for the info!

AuerX
Senior Member



Posts: 1101
Joined: 2018-12-12

#6015936 Posted on: 05/10/2022 01:39 PM
So, if one really isn't a network enthusiast/pro, how does one protect things from this?

Asking for a friend.

Mufflore
Senior Member



Posts: 13953
Joined: 2010-05-22

#6015938 Posted on: 05/10/2022 01:44 PM
So, if one really isn't a network enthusiast/pro, how does one protect things from this?

Asking for a friend.

Hope you haven't got vulnerable equipment.
Info on what's affected hasn't been released yet.

Ub3rslay3r
Junior Member



Posts: 13
Joined: 2008-02-16

#6015951 Posted on: 05/10/2022 02:13 PM
So, if one really isn't a network enthusiast/pro, how does one protect things from this?

Asking for a friend.
Basically what Mufflore said. Also, make sure your devices use the firewalls built into them whenever possible. Thankfully, most reputable manufacturers will update the firmware on their devices to patch issues like this fairly quickly, so also be sure to watch for firmware updates. If you want to keep an eye on the list of vulnerable devices as it's updated, check this when you can: https://www.kb.cert.org/vuls/id/473698

If you really want to go for it, you can set up your own DNS server, and ensure it doesn't use the affected libraries, but that opens up a lot of other possible issues and vulnerabilities, so I don't recommend it for individuals.
