
RK-1 & RT-3100 Pakedge Router Security Incident - DEC'22


jebt2921


They posted information to: https://tech.control4.com/s/article/Pakedge-Router-Security-Incident-DEC-22, Facebook and the dealer forums (also, keep in mind, C4 Forums is a community forum, and isn't run by SnapAV. And your best source of information might be your dealer, as they know your exact circumstances).

 

So, firstly, keep in mind, I don't work for Snap (so, this isn't an official summary, and it could be wrong). But my understanding is:

Affecting Pakedge RK-1 and RT-3100 routers, an external botnet was used to target and attack a vulnerability in the remote support features present on a subset of Pakedge routers beginning on December 18, 2022. (SnapAV wrote this summary, the rest is mine)

  • If Remote Support was enabled, in some cases a botnet compromised the unit via the port and ran on the router. No evidence of data being compromised in any capacity, and no evidence of further attacks from the router being compromised on the network. Script kiddies generally use botnets to show other 10-year-olds they can DDoS and flood other websites offline, and be l33t and take over Gibson mainframes.
  • Remote support by default is off on firmware 2.00.1, and 1.08.04 or lower is secure regardless
  • As of 10PM EST Dec 21st, 98% of AFFECTED sites with the vulnerability were already patched by Snap. By now, that number would be much higher
  • These days, most installers probably use OvrC for remote access instead, which is recommended.
  • You can turn off WAN Access and Support access to also patch the bug (but if remote access is needed, it should be added to OvrC first, and tested properly)

If it shows disconnected in OvrC, you might still be affected and it could be worthwhile contacting your installer (but at this point in time, the problem has likely already been fixed on your router).

Just to stress, apparently it doesn't look like any customer data was actually compromised, and there is no evidence that further attacks were launched from the routers against users' networks. And only routers with WAN access or support access enabled were affected at all (and they needed to be running a new enough version). Snap has already rolled out a security fix too, which from my understanding removes the trojan.
