Tenable Research has discovered new vulnerabilities affecting Nokia (Alcatel-Lucent) GPON Routers. If exploited, threat actors could recruit compromised devices to create the next Miraibotnet.
For home users with affected routers, attackers could gain access to the device to sniff traffic – including account credentials, card details, etc.; access devices connected to the router – including IoT devices, computers and smartphones/tablets; or even install malware.
While the research team has validated that these vulnerabilities affect Nokia (Alcatel-Lucent) GPON routers, typically supplied by ISPs to homes in China, other devices with the same firmware have yet to be tested so may equally be at risk. Using Shodan (an online search tool) c. 220,000 devices were detected (Picture 1).
Nokia has advised that they are working on releasing patches. Affected users are reliant on their ISP to auto-update affected devices. A medium blog with further technical details is available here.