Security experts at Independent Security Evaluators report that they found several critical vulnerabilities in 13 home router models from companies such as Linksys, Belkin, Netgear, Verizon and D-Link.
The researchers state that they contacted the developers and gave them the information required to create patches. However, Independent Security Evaluators did not disclose the whole list of vulnerable models or a detailed description of the flaws.
At the same time, the company provided a chart showing the results of exploitation of security breaches on different devices:
Note that the researchers call attacks trivial when they can be performed without user intervention, while unauthenticated attacks require minimal user intervention (the user has to follow a link leading to a malicious website). There are also authenticated attacks, which require the attacker to have access to credentials or the victim to be logged in with an active session at the time of the attack.
Some of the vulnerabilities were assigned CVE numbers. The list is as follows:
CVE-2013-2644: FTP Directory Traversal
CVE-2013-2645: Cross-Site Request Forgery
CVE-2013-2646: Denial of Service
CVE-2013-3064: Unvalidated URL Redirect
CVE-2013-3065: DOM Cross-Site Scripting
CVE-2013-3066: Information Disclosure
CVE-2013-3067: Cross-Site Scripting
CVE-2013-3068: Cross-Site Request Forgery
CVE-2013-3069: Cross-Site Scripting
CVE-2013-3070: Information Disclosure
CVE-2013-3071: Authentication Bypass
CVE-2013-3072: Unauthenticated Hardware Linking
CVE-2013-3073: SMB Symlink Traversal
CVE-2013-3074: Media Server Denial of Service
You may find the full report by Independent Security Evaluators here.