Hello, my name is BWL-X8620, and I’m a SOHO router. For many years my fellow SOHO routers and I were victims of endless abuse by hackers. Default credentials, command injections, file uploading–you name it. And it is all just because we’re WAN-facing devices. Just because our ISP leaves our web server internet-facing makes hackers think it’s okay to attack and make us zombies. But today, I say NO MORE!
In this talk, I will show that if a web client can attack a web server, then an ISP client can attack the ISP servers! I will reveal a hidden attack surface and vulnerabilities in popular network equipment used by ISPs worldwide to connect end-users to the internet.
BRAS routers are not that different from us SOHO routers. No one is infallible. But, BRAS routers can support up to 256,000 subscribers, and exploiting them can cause a huge ruckus. Code executing can lead to a total ISP compromise, mass client DNS poisoning, end-points RCE, and more!
This talk will present a critical RCE vulnerability in PPPoE. That means we, the SOHO routers, can attack and execute code on the ISP’s that connect us to the internet!