- This topic has 1 voice and 0 replies.
Viewing 0 reply threads
Viewing 0 reply threads
- You must be logged in to reply to this topic.
› Forums › Security › News (Security) › WootCloud Detected Thousands of Exposed Cisco Routers Administrative Web Consoles
Tagged: IoTNetwork_H5
News#(Security) [ via IoTForIndiaGroup ]
WootCloud Detected Thousands of Exposed Cisco Routers Administrative Web Consoles
Overview
WootCloud conducted an analytical study of exposed Cisco router devices on the Internet. The purpose of the study is to determine the potential number of exposed Cisco routers running administrative web consoles configured as a result of level 15 access. Exposed routers could become potential targets for the malware authors to compromise these devices and use the same for nefarious purposes on the Internet by forming botnets. Compromised routers can be used for building botnets to trigger unauthorized operations such as launching brute-force attacks, bitcoin mining, building hidden proxy tunnels, and many others. The study reflects the risk carried by organizations for allowing the administrative web consoles to exposed on the Internet that can be accessible by remote users without any restriction. In this research, WootCloud observed more than 200,000 Cisco routers running with exposed web administrative panels.
Analysis
Any exposed cisco router running web service on TCP port 80 or TCP port 443 respectively send HTTP response headers as shown below: