Skip to the main content.

1 min read

Is Your Router Opening Your Business to Cybercrime? You Might Have Been Given the Misfortune Cookie!

Misfortune Cookie Security FlawA critical flaw has been discovered in over 12 million routers that could open up a network to easy hijacking by cybercriminals. Is your business safe from cybercrime? Find out for certain with the security experts at {company} – call us at {phone} today for a vulnerability assessment.

The security researchers at Check Point Software Technologies have identified a vulnerability in many small office / home office (SOHO) routers that is incredibly easy to exploit. Over 12 million routers in 189 countries have already been determined to be affected by the flaw, and more are being discovered now.

Dubbed the “Misfortune Cookie” by Check Point, the flaw is ridiculously simple to exploit:

  • An attacker simply needs to send a single packet to your public IT address. No complex hacking tools or techniques are required – just a modern web browser.

That’s it. That’s all it could take to compromise your business. Essentially, the flaw is due to an error in the HTTP cookie management system in the software of the routers, allowing attacks to send a specially designed cookie to the public IP address of a router. Once the cookie is in, the attacker can take complete control of the network with full administrative privileges. This could allow all sorts of potential cybercrime, including:

  • Theft of usernames and passwords.
  • Monitoring and theft of business and personal data, including sensitive financial information.
  • Easier attacking and hijacking of devices connected to the network, including smartphones and tablets.
  • The easy ability to install malware and use business computers for further cybercrime.

This flaw has been in existence since 2002, and affects over 200 different router models, including TP-Link, Huawei, SmartAX, Zyxel, Netcomm, Edimax, and more. You can find a full list of compromised devices here.

What Can You Do?

If your device is included on the compromised list, you should immediately contact your router manufacturer for a firmware upgrade to address the flaw. If you’re not able to connect with the manufacturer, you should immediately contact us for assistance. The window for cybercriminals to exploit Misfortune Cookie is closing, and that means they will be looking for any and all opportunities to get whatever benefits they can from any vulnerable systems they can find.

Don’t take your security for granted! To discover if you’re at risk from Misfortune Cookie or any other security vulnerabilities, contact us today.

Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!

Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!

A few months ago Heartbleed, apparently named after a James Bond villain, was a security bug that made headlines even in major, non-tech focused...

Read More
The 7 Things You MUST Include in Your Business Continuity and Disaster Recovery Plan

The 7 Things You MUST Include in Your Business Continuity and Disaster Recovery Plan

Is your business prepared to weather an information technology disaster?

Read More
JPMorgan Chase: Still Not Convinced Your Business Needs A Technology Security Review? Think Again.

JPMorgan Chase: Still Not Convinced Your Business Needs A Technology Security Review? Think Again.

The largest hacking attempt ever has been announced. JPMorgan Chase Bank announced on Oct 2 that 76 million personal accounts and 7 million business...

Read More