The recently uncovered CSRF pharming vulnerability and MOOSE malware take advantage of home routers with weak credentials through a Web-based tool or malware. They aim to redirect traffic to malicious sites or commit social media fraud.
The CSRF pharming vulnerability uses a Web-based exploit kit designed to change the domain name system (DNS) settings of routers in order to redirect traffic to malicious sites, which can potentially result in data theft. The MOOSE malware targets Linux-based routers that use default passwords and uses them to commit social media fraud.
What the two threats have in common is that both take advantage of routers with weak credentials, such as default or weak passwords, or routers running outdated firmware versions. They also target users who click on malicious sites or advertisements.
Recently published research on the CSRF pharming vulnerability claimed three Zyxel routers (see table 1) were affected. In response, Zyxel has tested and verified their status (also illustrated in table 1).
As mentioned, the threats take advantage of not only the routers, but also specific Internet browsing behaviors. Zyxel believes these threats can be avoided by taking a few simple steps.
With new threats emerging every day, Zyxel continuously updates product firmware to incorporate the latest security patches and protections. We also urge users to take some basic steps listed below to avoid similar threats in the future:
| Threat | Affected Product | Model Name | Status |
|---|---|---|---|
| CSRF Pharming Vulnerability | USB Powered Travel Router (U.S. Exclusive Model) | MWR102 | Verified not affected |
| CSRF Pharming Vulnerability | Wireless Router | NBG416 | Verified not affected |
| CSRF Pharming Vulnerability | Wireless Router | NBG334W | End of life |
| MOOSE Malware | | | Not affected |
Please contact your local service or sales representative if you have any further questions.