8/10/2019 Misfortune Cookie Suspected Vulnerable

1/5

2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

December 17, 2014

Misfortune Cookie: The Hole in Your Internet Gateway | Suspected Vulnerable List

CHECK POINTMISFORTUNE COOKIE

SUSPECTED VULNERABLEMODEL LIST

WHAT IS THE MISFORTUNE COOKIE VULNERABILITY?

Misfortune Cookie is a critical vulnerability that allows an intruder to remotely takeover a residential gateway device and use it to attack the devices connected to it.

Researchers from Check Points Malware and Vulnerability Rese arch Group recentlyuncovered this critical vulnerability present on millions of residential gateway (SOHOrouter) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely takeover the device with administrative privileges.

HOW MANY DEVICES ARE AFFECTED?To date, researchers have distinctly detected at least 12 million readily exploitabledevices connected to the Internet present in 189 countries across the globe, makingthis one of the most widespread vulnerabilities revealed in recent years.

HOW DOES IT AFFECT ME?

If your gateway device is vulnerable, then any device connected to it - includingcomputers, phones, tablets, printers, security cameras, refrigerators, toasters or anyother networked device in your home or office network - may have increased risk ofcompromise. An attacker exploiting the Misfortune Cookie vulnerability can easilymonitor your Internet connection, steal your credentials and personal or businessdata, attempt to infect your machines with malware, and over-crisp your toast.

IS IT THAT BAD?

Yes.

8/10/2019 Misfortune Cookie Suspected Vulnerable

2/5

2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

December 17, 2014

Misfortune Cookie: The Hole in Your Internet Gateway | Suspected Vulnerable List

WHICH MODELS ARE AFFECTED? AM I AFFECTED?

Prior to this publication and the expected firmware patches, we believe that devicescontaining RomPager services with versions before 4.34 (and specifically 4.07) arevulnerable. Note that some vendor firmware updates may patch RomPager to fix

Misfortune Cookie without changing the displayed version number, invalidating this asan indicator of vulnerability.

HOW WAS THIS LIST COMPILED?The task of fingerprinting online devices is a challenging one. Devices may or maynot contain an identifying banner as a response for an unauthenticated user. Thebanner may include a model number, a brand name, or a simple welcome messagethat makes it hard to identify the underlying hardware.To make things even more challenging, manufacturers and ISPs commonly rebrand adevice using different names and model numbers per distribution location or productseries.

The following list was collected through Internet-wide scanning on various ports.When we detected a response from a suspected vulnerable RomPager service, weadded the HTTP authentication realm to our list, which typically contained a modelnumber for the device.Brand names were collected using online search results for the model numbers.

This does not mean all firmware versions of the device are vulnerable. It means atleast one version of that device seemed vulnerable during our scans, performedNovember 2014.

The list is therefore by no means complete, exhaustive, or error-proof. We did not

attempt to test or verify on all models, as we do not own every model in our lab.Please contact your device manufacturer (or ISP in case of ISP-provided equipment)to check if your model is vulnerable to Misfortune Cookie.

This list was last updated at December 22, 2014, 12:11 GMT

8/10/2019 Misfortune Cookie Suspected Vulnerable

3/5

2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

December 17, 2014

Misfortune Cookie: The Hole in Your Internet Gateway | Suspected Vulnerable List

SUSPECTED-VULNERABLE MODELS

110TC2 Beetel16NX073012001 Nilox16NX080112001 Nilox

16NX080112002 Nilox16NX081412001 Nilox16NX081812001 Nilox410TC1 Beetel450TC1 Beetel450TC2 Beetel480TC1 Beetel

AAM6000EV/Z2 ASUS AAM6010EV ASUS AAM6010EV/Z2 ASUS AAM6010EV-Z2 ASUS AAM6020BI ASUS AAM6020BI-Z2 ASUS AAM6020VI/Z2 ASUS AD3000W starnet ADSL Modem Unknown ADSL Modem/Router Unknown ADSL Router BSNL AirLive ARM201 AirLive AirLive ARM-204 AirLive AirLive ARM-204 Annex A AirLive AirLive ARM-204 Annex B AirLive AirLive WT-2000ARM AirLive AirLive WT-2000ARM Annex A AirLive AirLive WT-2000ARM Annex B AirLive AMG1001-T10A ZyXEL APPADSL2+ Approx APPADSL2V1 Approx AR-7182WnA Edimax AR-7182WnB Edimax AR-7186WnA/B Edimax AR-7286WNA Edimax

AR-7286WnB Edimax Arcor-DSL WLAN-Modem 100 Arcor Arcor-DSL WLAN-Modem 200 Arcor AZ-D140W AzmoonBillion Sky BillionBiPAC 5102C BillionBiPAC 5102S BillionBiPAC 5200S BillionBIPAC-5100 ADSL Router BillionBLR-TX4L Buffalo

BW554 SBSC300APRA2+ ConceptronicCompact Router ADSL2+ Compact

D-5546 den-itD-7704G den-itDelsa Telecommunication DelsaD-Link_DSL-2730R D-LinkDM 856W BinatoneDSL-2110W D-LinkDSL-2120 D-LinkDSL-2140 D-LinkDSL-2140W D-LinkDSL-2520U D-LinkDSL-2520U_Z2 D-LinkDSL-2600U D-LinkDSL-2640R D-LinkDSL-2641R D-LinkDSL-2680 D-LinkDSL-2740R D-LinkDSL-320B D-LinkDSL-321B D-LinkDSL-3680 D-LinkDT 815 BinatoneDT 820 BinatoneDT 845W BinatoneDT 850W BinatoneDWR-TC14 ADSL Modem UnknownEchoLife HG520s HuaweiEchoLife Home Gateway HuaweiEchoLife Portal de Inicio HuaweiGO-DSL-N151 D-LinkHB-150N HexabyteHB-ADSL-150N HexabyteHexabyte ADSL HexabyteHome Gateway Huawei

iB-LR6111A iBalliB-WR6111A iBalliB-WR7011A iBalliB-WRA150N iBalliB-WRA300N iBalliB-WRA300N3G iBallIES1248-51 ZyXELKN.3N KraunKN.4N KraunKR.KQ Kraun

8/10/2019 Misfortune Cookie Suspected Vulnerable

4/5

2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

December 17, 2014

Misfortune Cookie: The Hole in Your Internet Gateway | Suspected Vulnerable List

KR.KS KraunKR.XL KraunKR.XM KraunKR.XM\t KraunKR.YL Kraun

Linksys BEFDSR41W LinksysLW-WAR2 LightWaveM-101A ZTEM-101B ZTEM-200 A ZTEM-200 B ZTEMN-WR542T MercuryMS8-8817 SendTelMT800u-T ADSL Router BSNLMT880r-T ADSL Router BSNLMT882r-T ADSL Router BSNLMT886 SmartAXmtnlbroadband MTNLNetBox NX2-R150 NiloxNetcomm NB14 NetcommNetcomm NB14Wn NetcommNP-BBRsx IodataOMNI ADSL LAN EE(Annex A) ZyXELP202H DSS1 ZyXELP653HWI-11 ZyXELP653HWI-13 ZyXELP-660H-D1 ZyXELP-660H-T1 v3s ZyXELP-660H-T3 v3s ZyXELP-660HW-D1 ZyXELP-660R-D1 ZyXELP-660R-T1 ZyXELP-660R-T1 v3 ZyXELP-660R-T1 v3s ZyXELP-660R-T3 v3 ZyXELP-660R-T3 v3s ZyXELP-660RU-T1 ZyXEL

P-660RU-T1 v3 ZyXELP-660RU-T1 v3s ZyXELP-660RU-T3 v3s ZyXELPA-R11T SolwisePA-W40T-54G PreWareCerberus P 6311-072 PentagramPL-DSL1 PreWarePN-54WADSL2 ProNetPN-ADSL101E ProNetPortal de Inicio Huawei

POSTEF-8840 PostefPOSTEF-8880 PostefPrestige 623ME-T1 ZyXELPrestige 623ME-T3 ZyXELPrestige 623R-A1 ZyXEL

Prestige 623R-T1 ZyXELPrestige 623R-T3 ZyXELPrestige 645 ZyXELPrestige 645R-A1 ZyXELPrestige 650 ZyXELPrestige 650H/HW-31 ZyXELPrestige 650H/HW-33 ZyXELPrestige 650H-17 ZyXELPrestige 650H-E1 ZyXELPrestige 650H-E3 ZyXELPrestige 650H-E7 ZyXELPrestige 650HW-11 ZyXELPrestige 650HW-13 ZyXELPrestige 650HW-31 ZyXELPrestige 650HW-33 ZyXELPrestige 650HW-37 ZyXELPrestige 650R-11 ZyXELPrestige 650R-13 ZyXELPrestige 650R-31 ZyXELPrestige 650R-33 ZyXELPrestige 650R-E1 ZyXELPrestige 650R-E3 ZyXELPrestige 650R-T3 ZyXELPrestige 652H/HW-31 ZyXELPrestige 652H/HW-33 ZyXELPrestige 652H/HW-37 ZyXELPrestige 652R-11 ZyXELPrestige 652R-13 ZyXELPrestige 660H-61 ZyXELPrestige 660HW-61 ZyXELPrestige 660HW-67 ZyXELPrestige 660R-61 ZyXEL

Prestige 660R-61C ZyXELPrestige 660R-63 ZyXELPrestige 660R-63/67 ZyXELPrestige 791R ZyXELPrestige 792H ZyXELRAWRB1001 ReconnectRE033 RoteadorRTA7020 Router MaxnetRWS54 ConnectionncSG-1250 Everest

8/10/2019 Misfortune Cookie Suspected Vulnerable

5/5

2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

December 17, 2014

Misfortune Cookie: The Hole in Your Internet Gateway | Suspected Vulnerable List

SG-1500 EverestSmartAX SmartAXSmartAX MT880 SmartAXSmartAX MT882 SmartAXSmartAX MT882r-T SmartAX

SmartAX MT882u SmartAXSterlite Router SterliteSweex MO300 SweexT514 TwisterTD811 TP-LinkTD821 TP-LinkTD841 TP-LinkTD854W TP-LinkTD-8616 TP-LinkTD-8811 TP-LinkTD-8816 TP-LinkTD-8816 1.0 TP-LinkTD-8816 2.0 TP-LinkTD-8816B TP-LinkTD-8817 TP-LinkTD-8817 1.0 TP-LinkTD-8817 2.0 TP-LinkTD-8817B TP-LinkTD-8820 TP-LinkTD-8820 1.0 TP-LinkTD-8840T TP-LinkTD-8840T 2.0 TP-LinkTD-8840TB TP-LinkTD-W8101G TP-LinkTD-W8151N TP-LinkTD-W8901G TP-Link

TD-W8901G 3.0 TP-LinkTD-W8901GB TP-LinkTD-W8901N TP-LinkTD-W8951NB TP-LinkTD-W8951ND TP-Link

TD-W8961N TP-LinkTD-W8961NB TP-LinkTD-W8961ND TP-LinkT-KD318-W MTNLTrendChip ADSL Router BSNLUM-A+ AsotelVodafone ADSL Router BSNLvx811r CentreCOMWA3002-g1 BSNLWA3002G4 BSNLWA3002-g4 BSNLWBR-3601 LevelOneWebShare 111 WN AtlantisWebShare 141 WN AtlantisWebShare 141 WN+ AtlantisWireless ADSL Modem/Router UnknownWireless-N 150Mbps ADSLRouter BSNLZXDSL 831CII ZTEZXDSL 831II ZTEZXHN H108L ZTEZXV10 W300 ZTEZXV10 W300B ZTEZXV10 W300D ZTEZXV10 W300E ZTEZXV10 W300S ZTE