Misfortune Cookie is a firmware vulnerability in the firmware for some routers.
Once the embedded software running the device is exploited, the attacker can gain a command line interface (CLI). The device can then be used to gather data, steal credentials or upload malicious files to connected computers and compromise the network.
When the flaw was discovered in late 2014, it had already been in existence for a decade. The source of the issue is an error in the HTTP cookie-management mechanism in the device software. All the attacker has to do is send a single packet containing a malicious HTTP cookie to begin an exploit.
Lior Oppenheim, a researcher for network and endpoint security vendor Check Point Software Technologies Ltd., discovered the flaw, officially known as CVE-2014-9222. According to Check Point, the vulnerability affects over 12 million affected devices in 200 different models. Any unpatched model using RomPager embedded web server software in a version earlier than v. 4.34 may be vulnerable.
Although there have not yet been any documented Misfortune Cookie router attacks, Check Point is publicizing the vulnerability as a wake-up call for small office and home (SOHO) networks and the embedded device industry.
See also: embedded device hacking
**Important note** - contact our company for very powerful solutions for IP management (DNS, IPv4 and IPv6), security, firewall, log management, DLP, IDS, IPS and APT solutions:
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.