Routers and connected devices, including network cameras from companies such as Netgear, Linxis and Axis, as well as Linux distributions such as Embedded Gento have been found to be affected by a domain name system (DNS) poisoning error in two popular libraries. For connected devices. The researchers who discovered its presence because the loophole had not yet been patched did not reveal the exact patterns affected by the fragility. However, fragile libraries are used by a large number of vendors, some of which include reputable routers and Internet of Things (IoT) device manufacturers.
Researchers at Nozomi Networks, an IT security company Said DNS execution of all versions of the uClibc and uClibc-ng libraries contains DNS malicious error, which an attacker can use to redirect users to malicious servers and steal information shared by infected devices. This problem was first discovered last year and was reported to 200 sellers in January.
uClibc is used by vendors including Netgear, Linksys and Axis, and is a component of Linux distributions such as Embedded Gentu. This shows the wide range of error that affects a large number of users worldwide.
Vulnerability in both libraries allows attackers to estimate a parameter called a transaction ID, which is usually a unique number for each request made by the client to protect communication via DNS.
Under normal circumstances, if the transaction ID is not available or is different from what was generated on the client side, the system will ignore the response. However, since vulnerability brings with it the speculation of a transaction ID, an attacker can eventually guess the number to trick legitimate DNS and redirect requests toward a fake web server or phishing website.
Researchers have found that DNS poisoning attacks can trigger attackers’ next man-in-the-middle attack, helping them to steal or alter the information transmitted by users or even compromise devices that contain malicious libraries.
“Because this vulnerability will not be unpatch, we will not disclose specific devices that we have tested for the security of the community. However, we can reveal that they are a series of well-known IoT devices that are running the latest firmware versions most likely. They are running on all complex infrastructure,” Nozomi Networks Security researcher Andrea Palanca said.
The maintainer of uClibc-ng wrote in the open forum that they could not solve the problem at their end. Similarly, according to the details available on uClibc, no update has been received since 2010 Download page Library, as Observed By Ars Technica.
However, device vendors are currently in the process of evaluating the problem and its impact.
Netanger Released a statement To determine the effect of vulnerability on its equipment.
“Netgear is aware of industry – wide security vulnerabilities that may affect certain products in the UClibc and uClibc-ng embedded C libraries. Netgear is evaluating which products will be affected. Extortion “the company said.
It also assured that it would continue to investigate the issue and assess whether the solution would apply to the affected Netgear products if a solution becomes available in the future.
Gadgets360 also contacts sellers including Linksis and Axis to get their comments on the error and update this article when they respond.