On April 23rd, according to BleepingComputer, researchers from the cybersecurity firm ESET discovered that some enterprise-grade routers sold on the secondhand market still contain sensitive data that has not been properly wiped, making them vulnerable to exploitation by hackers to disrupt corporate environments or obtain customer information.
The researchers purchased 18 secondhand core routers, including 4 Cisco (ASA 5500) routers, 3 Fortinet (Fortigate series) routers, and 11 Juniper Networks (SRX series service gateways). Core routers serve as the backbone of large networks, connecting all other network devices. They support various data communication interfaces and can forward IP packets at the highest speeds. The researchers found that over half of these routers still had access to complete configuration data, revealing how their previous owners had set up the networks and a wealth of detailed information about the connections between various systems.
Moreover, some routers retained customer information, data that allowed third-party connections to the network, and even credentials for trusted parties connecting to other networks. The researchers also discovered authentication keys and hash values used to connect multiple routers in some of these routers with exposed configuration data.
The researchers pointed out that such internal data exposed by these routers is typically visible only to high-privileged individuals like network administrators and corporate management. For instance, VPN credentials or other easily crackable authentication tokens can be exploited by hackers to devise highly covert attack strategies, such as impersonating the network or internal hosts for attacks. They even found one of the routers belonged to a Managed Security Services Provider (MSSP), which handles networks for hundreds of clients from various industries, including education, finance, healthcare, and manufacturing.
For enterprise network devices that are being decommissioned, administrators need to run specific commands to securely erase configurations and perform resets; otherwise, routers can boot into recovery mode and expose previous setup information. Therefore, the researchers emphasized that companies should develop secure procedures for disposing and destroying their digital devices.
-400x400.JPG)
