Vault 7 have released yet another old CIA exploit. This one is slightly different in that it interferes with the normal firewall security that you would expect on your router. In simple terms it pwns your whole network, so an attacker can keylog, poison the DNS or alter router settings,, open ports etc. DNS poisoning of course allows a vast range of malware to be installed.
Twenty-five routers are known to be affected but probably hundreds more could be attacked. In principle this is not very different from the host of malware that can attack badly secured routers, the big difference is that this malware can bypass even a secure admin password.
The only security advice given is to turn off UPnP in your router (if you can!) and install your own custom firmware – e.g. tomato or dd-wrt.
Ars Technica has some more details. El Reg has similar details with a slightly different slant.
All this looks like adding up to a gang-buster year for security auditors and pen-testers! Probably means a big hike is required in a lot of IT budgets too.
.
