customer premises equipment (CPE) Archives

On Friday, the firm Allegro Software of Boxborough, Massachusetts, released an odd-sounding statement encouraging all its customers to “maintain firmware for highest level of embedded device security.” Specifically, Allegro wanted to warn customers about the need to apply a software update to address two recently discovered vulnerabilities affecting its Rom Pager embedded web server: CVE-2014-9222 and CVE-2014-9223, collectively known as the “Misfortune Cookie” vulnerabilities. That patch in question was released almost ten years ago – in 2005. As reported widely last week, the vulnerabilities affecting the Rom Pager software can be found in some 12 million broadband routers by manufacturers including Linksys, D-Link, Huawei, TP-Link, ZTE and Edimax. In short: some of the most common sellers of broadband routers in the world. The security firm CheckPoint discovered the vulnerabilities and issued a report about them. (The report web site is here and a PDF format report is here.) According to CheckPoint, the Misfortune Cookie vulnerability has to […]

customer premises equipment (CPE)

Recent Posts

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

Malicious Python Packages Target Crypto Wallet Recovery Passwords

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

China Calls Out U.S. For Hacking. The Proof? TBD!

Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos

Subscribe to Podcast