What is the Misfortune Cookie and what does it do?
Hello,
The Misfortune Cookie is a vulnerability in routers from many popular manufacturers (e.g., Huawei, D-Link, ZTE). It allows any machine on a network (i.e., various devices) to be seized and for sensitive information to be accessed. The best current solution is to contact the manufacturer of the router for an upgrade that will address this problem.
“Misfortune Cookie” is a vulnerability in the firmware for some routers. Once the embedded software or firmware running the router is exploited, the attacker can access a CLI or Command Line Interface. The router can then be used to collect data, steal credentials, or upload malicious files to the computers connected to the router and compromise the network.
When this flaw or vulnerability was discovered in late 2014, it had already been there for a decade. The origin of the problem is an error in the HTTP cookie-management mechanism in the firmware of the device. The only thing the attacker has to do is to send a single packet containing a malicious HTTP cookie to initiate an exploit.
It was Lior Oppenheim, Check Point Software Technologies Limited’s researcher for network and endpoint security, who discovered the flaw which was officially known as “CVE-2014-9222.” The flaw affects more than 12 million devices in 200 different models, according to Check Point. Any model that hasn’t been patched yet that uses the RomPager embedded web server software earlier than version 4.34 may be vulnerable.
Though there haven’t been any documented attacks regarding the Misfortune Cookie router flaw, Check Point is exposing the flaw as a wake-up call for SOHO or Small Office and Home networks as well as the embedded device industry.
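The version threshold mentioned above (RomPager earlier than 4.34) can be turned into a quick inventory check. The following is an added example, not part of the original answers: it assumes you have already recorded the HTTP `Server` header of your own devices and that RomPager announces itself as `RomPager/<major>.<minor>`; the device names and header values are constructed samples.

```python
import re

# Per the page: RomPager earlier than 4.34 may be vulnerable (CVE-2014-9222).
FIXED = (4, 34)
# Assumed banner shape: "RomPager/<major>.<minor>", optionally with a prefix.
BANNER_RE = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify(server_header):
    """Classify one HTTP Server header value.

    Returns (status, version) where status is:
      "review"       - RomPager older than 4.34; ask the vendor for firmware
      "ok"           - RomPager 4.34 or later
      "not-rompager" - no RomPager banner seen (inconclusive if it is hidden)
    """
    match = BANNER_RE.search(server_header or "")
    if not match:
        return ("not-rompager", None)
    major, minor = match.group(1), match.group(2)
    # Compare numerically so that 4.07 sorts below 4.34.
    status = "review" if (int(major), int(minor)) < FIXED else "ok"
    return (status, major + "." + minor)


def triage(inventory):
    """Map each device name to its classification, given {name: header}."""
    return {name: classify(header) for name, header in inventory.items()}


# Constructed sample inventory: device name -> recorded Server header.
SAMPLE = {
    "lobby-router": "RomPager/4.07 UPnP/1.0",
    "branch-modem": "Allegro-Software-RomPager/4.34",
    "lab-gateway": "RomPager/4.51 UPnP/1.0",
    "print-server": "lighttpd/1.4.35",
    "old-dsl": "",
}

if __name__ == "__main__":
    for name, (status, version) in sorted(triage(SAMPLE).items()):
        print(f"{name:14} {status:13} {version or '-'}")
```

A "review" result only means the banner is below the threshold; a vendor may have patched the firmware without changing it, so confirm with the manufacturer as the first answer advises.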