Unpatched DNS Bug Affects Millions of Routers

An unresolved DNS flaw in popular C standard libraries is currently causing a stir: millions of devices — including Linksys and Netgear routers as well as IoT products — are vulnerable to it, according to a new report from the online magazine Bleeping Computer. Security researchers at Nozomi Networks Labs discovered a vulnerability (CVE-2022-05-02) that affects the Domain Name System (DNS) implementation of all versions of uClibc and uClibc-ng. These popular C standard libraries are used mainly in IoT products and routers. The vulnerability is caused by the predictability of the transaction IDs in the DNS queries generated by the library.

Because the transaction IDs are easy to guess, remote attackers can perform so-called DNS poisoning attacks against target devices. With DNS poisoning, attackers trap their victims: the request for a specific domain returns an incorrect IP address, so victims are redirected to compromised websites without noticing. “The attacker could then steal or manipulate the information submitted by users and launch further attacks on those devices to compromise them completely. The main problem is how DNS poisoning attacks can force an authenticated response,” explains Nozomi Networks.
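The weakness described above is that a resolver's 16-bit DNS transaction IDs can be predicted from earlier queries. The following added example (not code from the article or from the uClibc project) shows how a defender can audit a device's outbound queries for that property: it parses the DNS header of captured query packets, extracts the transaction IDs and flags a sequence that advances by a constant step or repeats values. The packets, names and ID values here are constructed for illustration; a real audit would feed it packets captured from the device under test.

```python
import struct
from collections import Counter

# DNS header: id, flags, qdcount, ancount, nscount, arcount (RFC 1035, network byte order)
DNS_HEADER = struct.Struct("!HHHHHH")


def build_query(txid: int, name: str) -> bytes:
    """Build a minimal DNS A query (header + QNAME + QTYPE A + QCLASS IN).
    Used only to construct sample traffic for this example."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(len(l).to_bytes(1, "big") + l.encode("ascii") for l in labels) + b"\x00"
    return DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"


def extract_txid(packet: bytes) -> int:
    """Return the transaction ID of a DNS packet (first two bytes of the header)."""
    if len(packet) < DNS_HEADER.size:
        raise ValueError("packet shorter than a DNS header")
    return DNS_HEADER.unpack_from(packet)[0]


def txid_pattern(txids: list[int]) -> str:
    """Classify observed transaction IDs.
    'repeated'       -> at least one ID value recurs
    'sequential'     -> every consecutive pair differs by the same constant (mod 2^16),
                        e.g. a simple counter; trivially predictable by an attacker
    'random-looking' -> no such pattern in this sample (not proof of good randomness)"""
    if len(txids) < 3:
        raise ValueError("need at least 3 queries to judge a pattern")
    if max(Counter(txids).values()) > 1:
        return "repeated"
    deltas = {(b - a) % 65536 for a, b in zip(txids, txids[1:])}
    return "sequential" if len(deltas) == 1 else "random-looking"


def assess_resolver(packets: list[bytes]) -> tuple[list[int], str]:
    """Extract the IDs from a list of captured query packets and classify them."""
    ids = [extract_txid(p) for p in packets]
    return ids, txid_pattern(ids)


# Constructed sample captures: a counter-style resolver and a randomised one.
PREDICTABLE = [build_query(0x1000 + i, f"host{i}.example.test") for i in range(5)]
RANDOMISED = [build_query(t, "update.example.test") for t in (0x4A3F, 0x9C12, 0x0B77, 0xE1D0, 0x3359)]

if __name__ == "__main__":
    for label, pkts in (("counter resolver", PREDICTABLE), ("randomised resolver", RANDOMISED)):
        ids, verdict = assess_resolver(pkts)
        print(f"{label}: ids={[hex(i) for i in ids]} -> {verdict}")
```

A verdict of "sequential" or "repeated" on real captures means the device's resolver needs a patched library or must be shielded by a trusted upstream resolver; "random-looking" on a handful of packets is not a clean bill of health.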

No details on affected devices

The uClibc library is used by well-known manufacturers such as Linksys, Netgear, and Axis, and by Linux distributions such as Embedded Gentoo. uClibc-ng is a fork specially designed for OpenWRT, a popular operating system for routers. The vulnerability was communicated to more than 200 vendors with 30 days' notice prior to disclosure. Nozomi Networks reports that the library maintainer was unable to develop a fix. Therefore, no details are known about the devices on which the vulnerability could be reproduced.