Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape.
Every so often we hear of yet another vulnerable device, with the occasional campaign targeting specific versions of devices through independent scanning or Shodan dorking. We shine a bright light on TR-069/CWMP, the previously under-researched, de-facto CPE device management protocol, and specifically focus on ACS (Auto Configuration Server) software, whose pwnage can have devastating consequences for critical numbers of users. These servers are, by design, in complete control of entire fleets of customer premises devices, intended for use by ISPs and Telco providers, or nation-state adversaries, of course (sorry NSA, we know it was a cool attack vector with the best research-hours-to-mass-pwnage ratio). We investigate several TR-069 ACS platforms, and demonstrate multiple instances of poorly secured deployments, where we could have gained control over hundreds of thousands of devices.