by Mirko Zorz - Editor in Chief - Monday, 11 August 2014.
Check Point has released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major ISPs globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.
Researchers uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations.
Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP's Internet service. Attackers could also steal personal and financial data from huge numbers of businesses and consumers.