How can I protect my system from Rom 0 vulnerability?

503    Asked by Ankesh Kumar in SQL Server , Asked on Jan 18, 2022

 I'm using an antivirus that told me that my router can be compromised with the ROM-0 vulnerability. It told me to use "port forwarding" to fix it. But, my router have a "port triggering", which they say is an upgrade from "port forwarding"How can I fix the vulnerability? Do I really need to know the model to fix the vulnerability? Isn't there any type of general fix for routers?


Answered by Anil Jha

Google suggests two slightly different vulnerabilities when queried about Rom 0, best explicated here: http://www.dlink.com/it/it/support/support-news/2015/july/14/misfortune-cookie-rompager-vulnerabilitily-allegro-rompager-vulnerability-rom0-athentication-bypass and here: https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/

In both of these cases there are a number of reasons that antivirus software running on a laptop or desktop in your home network may not be correct in signaling the presence of this issue with your home router. If you are running the latest version of your router's firmware, and it has a publication date of late 2015 or 2016, it is unlikely to be affected by this issue, regardless of whatever is being reported by antivirus software.

Should this vulnerability nevertheless exist in your router, the common method of exploitation involves some attacker on the internet sending a compromising request to your router. This ONLY works if your router is configured to listen to external requests, a configuration feature usually called "remote management." Ensure that this feature is disabled in your router's admin panel. This is the best mitigation for this issue and for many others.

The mitigation suggested by the antivirus software, to stand up port forwarding, is much worse than disabling remote management. Even in the presence of this vulnerability and some inability to disable remote management, the efficacy of port forwarding against attacks like this depends on specific implementation details of the router. It may have been discovered that it was effective for one particular flavor of the vulnerability but that doesn't guarantee it would be effective against another. What port forwarding does is enable someone outside your network to send traffic into your network, which is almost never a good idea.

The best approach with a router that doesn't have updated firmware and that can't disable remote management is to get another router. Finally, port triggering is a different feature than port forwarding and cannot be used to mimic port forwarding. The semantics of the suggested port forwarding rules are that requests from outside your home network arriving on port 80 on the outside of your router should be "sinkholed" or sent to some non-existent destination inside your home network- the implication being that they will be sent inside your network rather than being processed by your router (which could lead to your router being exploited). As above, whether or not this mitigation would work in practice depends on the implementation details of the router. And again, a much more effective mitigation is to disable remote management, which tells your router to not listen at all to requests originating outside your network.

The semantics of port triggering are that requests from inside your home network that go out on a specific port trigger the router to open specific external ports and forward incoming requests on them to the machine inside the network from which the triggered request originated. Port triggering is not activated by requests arriving at your router from the outside, and the effect of opening external ports and forwarding external requests in your machine inside your network is the opposite of sinkholing. The one use case for port triggering is gaming, in which a specific kind of outgoing request informs the router that a game is beginning, so incoming traffic associated with the game should be passed along to the gaming machine.



Your Answer

Interviews

Parent Categories