Several vulnerabilities have been discovered in Comba and D-Link routers
Cybersecurity group Trustwave has unveiled five new vulnerabilities in Comba and D-Link routers that could let criminals swipe your login details while you browse.
The vulnerabilities were discovered by SpiderLabs Security Researcher Simon Kenin. The flaws, which were posted on the company’s SpiderLabs blog today, include two issues in D-Link DSL modems and three across Comba Telecom Wi-Fi devices. “Since your router is the gateway in and out of your entire network it can potentially affect every user and system on that network”, warned Trustwave.
The first D-Link issue affects the D-Link DSL-2875AL dual band wireless modem, a device primarily used to connect a home network to an internet service provider. The router contains a password vulnerability that could allow anyone with access to the web-based management IP address to view your password in clear text.
The second issue affects both the DSL-2875AL and the DSL-2877AL modems and could allow anyone sneaking a peek at the source code on a router’s login page to access the username and password of the user’s internet service provider. This info could be even more dangerous if the D-Link owner is reusing their ISP login information with their router or another website, giving attackers access to more than just the Wi-Fi connection.
The Comba vulnerabilities include easy-to-crack MD5 hashes of router usernames and passwords. Hackers can use unauthenticated URL requests to enact a full takeover of the Comba AC2400 WiFi Access Controller’s filesystem, while the Comba AP2600-I WiFi Access Point has two vulnerabilities – the source code of the login page and a downloadable database file – giving attackers multiple opportunities to sneak away with your username and password.
According to Trustwave, neither D-Link nor Comba Telecom has patched the vulnerabilities despite multiple attempts to contact them by the group’s disclosure team.