If you have broadband internet access at home or your small office, there’s an ever-present concern about the security of that connection and how well it’s managed. The thought of a home router vulnerability is unlikely to concern you. Like most homeowners or small businesses, you probably don’t have a network security professional handy. If the connection to the internet is “on” then you probably think that it’s “good”. Unfortunately, a new wave of attacks has come up, and you should test your systems to be sure that you’re not at risk.
We use WordFence, a monitoring service, for some of our WordPress website clients. WordFence is constantly monitoring risks and attacks, logging activity and details about them. They regularly produce updates and recommendations to harden and secure WordPress websites, and they’ve recently noticed a number of website attacks which were sourced from broadband home routers. These were units with a compromised port on the router, and that port was being used to attack websites throughout the country.
What’s the risk?
In terms of scale, the hack attempt isn’t huge and it’s certainly not new. These particular risks have been known since 2014. WordFence reports today that they’ve noticed over 57,000 home routers have been exploited, resulting in an uptick in website attacks. They’re reporting that almost 7% of their reported hack attempts are coming from these routers. This is enough to make us take notice, as home networks, wifi, smart TVs, mobile devices, internet-connected security, and even climate controls and home-automation systems could be at risk. As a friend and client of ours, we want you to be as safe as possible.
Am I at risk for Home Router Vulnerability?
This particular vulnerability is commonly known as (and aptly named) the “misfortune cookie”. Originally disclosed by CheckPoint in 2014, the concern has been noted by researchers and security experts for some time. Your ISP leverages a distinct port on the router (Port 7547) for specific management tasks on that device. The port should not be accessible publicly for any other purpose, but many ISPs are not blocking that port specifically.
Thankfully, there’s a tool from WordFence available to check the status of your network — whether a home or small business — to see if port 7547 is open, and therefore vulnerable, to this misfortune cookie attack.
The result you want to see from the test is “stealth” for port 7547.
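The same check can be run by hand. The following Python script is an added example, not WordFence’s tool and not code from this post: it tests port 7547 on your own public IP address, run from a machine outside your network, and reports open, closed or stealth. It assumes that a listener on the port answers HTTP with a Server header; the function names are illustrative.

```python
import socket
import sys

MGMT_PORT = 7547  # the ISP management port this article is about


def server_header(reply):
    """Return the value of the Server header in a raw HTTP reply, or None."""
    for line in reply.split("\r\n")[1:]:  # skip the status line
        if not line:  # a blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def check_port(host, port=MGMT_PORT, timeout=3.0):
    """Return (state, server); state is 'open', 'closed' or 'stealth'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except ConnectionRefusedError:
            return "closed", None  # host answered, nothing is listening
        except OSError:
            return "stealth", None  # no answer: timed out or unreachable
        try:
            # Assumption: the listener speaks HTTP and names itself.
            sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
            reply = sock.recv(2048).decode("latin-1")
        except OSError:
            reply = ""
    return "open", server_header(reply)


def advice(state, server):
    """Map a result onto the two recommendation lists in this article."""
    if state != "open":
        return f"{state}: port {MGMT_PORT} is not reachable from here"
    if server and "rompager" in server.lower():
        return "open, RomPager answered: follow the 'if you are vulnerable' list"
    return "open: follow the 'not vulnerable, but port 7547 is open' list"


if __name__ == "__main__":
    # Usage: python check7547.py <your public IP>, from outside your network
    state, server = check_port(sys.argv[1])
    print(advice(state, server))
```

Running it from inside your own network against the router’s LAN address tests the wrong side of the router, so the result says nothing about exposure to the public internet.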
What if my router is vulnerable?
If you are vulnerable, WordFence offers the following recommendations:
Immediately reboot your home router. This may flush any malware from your home router.
Upgrade your router firmware if you can to the newest version.
Close port 7547 in your router config if you are able to. (Many routers don’t allow this)
If you can’t upgrade your own firmware, immediately call your ISP and let them know you have a serious security vulnerability in your home router and you need help fixing it. You can point them to this blog post (the page you are on) and this CheckPoint website for more information. Let them know that your router has a vulnerability on port 7547 in “Allegro RomPager” that can allow an attacker to access your home network and launch attacks from your router on others.
Run a virus scan on all your home workstations.
Update all home workstations and devices to the newest versions of operating system and applications or apps.
Update any firmware on home devices where needed.
If you are not vulnerable, but port 7547 is open on your router, we recommend that you:
Reboot your home router immediately. You may suffer from other port 7547 vulnerabilities.
Upgrade your router firmware if you can.
Close port 7547 on your router if you can. (Many routers don’t allow this)
Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet. Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.
Credit for the recommended course of action is due to WordFence.com.
I need help!
We don’t service homeowner accounts, but the information above should get you well on your way to solving these problems.
Whether you need an entire security scan on your network, hardening of your network resources, or a plan to address weak points in your network (such as outdated hardware, legacy systems, or lack of good controls), we’re happy to help! If you’re a business account, please contact us and let us help resolve these issues.