Aqui está a lista de roteadores vulneráveis ao CherryBlossom

Com a divulgação de novos documentos da CIA pelo WikiLeaks no vazamento chamado de “Vault 7”, descobrimos que a Agência de Inteligência Americana também possuía softwares para espionagem em dispositivos conectados à internet. Neste caso os documento demonstram a existência de um kit de ferramentas chamado de CherryBlossom, que consistia em quatro programas para invasão e monitoramento de roteadores: FlyTrap, CherryTree, CherryWeb e Mission.

 

O kit CherryBlossom permitia o acesso não autorizado aos mais variados modelos de roteadores, de diferentes fabricantes. Aqui temos a lista completa divulgada pelo site WikiLeaks:

  • 3Com: 3CRWE454A72, 3CRWX120695A, 3CRWX275075A, 3CRTRV10075, 3CRWE41196, 3CRWE454G72, 3CRWE53172, 3CRWE554G72T, 3CRWE554G72TU, 3CRWE675075, 3CRWE725075A-US, 3CRWE754G72-A, 3CRWE754G72-B, 3CRWE825075A-US, 3CRWE875075A-US, 3CRWE91096A, 3CRWE91096A, 3CRWE920G73-US, 3CRWEASY96A, 3CRWEASY96A, 3CRWEASYG73-U, 3CRWX440095A
  • Accton: WA3101, WA4101, WA5101, WA5201, WA6101, WA6102, WA6102X
  • Aironet/Cisco: Aironet 1310 Outdoor Access Point /Bridge, Aironet 350 Series Wireless Bridge, 1300 Series Outdoor Access Point/Bridge, Aironet 1200 Series a/b/g Access Point, Aironet 1310 Outdoor Access Point/Bridge, Aironet 350 Series, Aironet 350 Series AP, Cisco Aironet 1400 Series Wireless Bridge, Cisco Aironet 1400 Series Wireless Bridge
  • Allied Telesyn: AT-WA1004G, AT-WA7500, AT-WL2411
  • Ambit: (No models specified)
  • AMIT, Inc: WIS418, WQS418, WUC128
  • ANI Communications: (No models specified)
  • Apple: AirPort Express
  • Asustek Co: WL-160g, WL-300, WL-300g, WL-330, WL-330g, WL-500b, WL-500g
  • Belkin: F5D7230-4
  • Breezecom: AP-10, AP-10D, BU-DS.11, BU-DS.11D, DS.5800 Base Unit, RB-DS.11, RB-DS.11D, SA-10, SA-10D, SA-40, SA-40D, WB-10, WB-10D
  • Cameo: WLB-2006_2007, WLB-2203/2204, WLG-2002/2003, WLG-2204/2205
  • D-Link: AP Manager or D-View SNMP management module?, DCS-2100+, DCS-3220G, DCS-5300G, DCS-5300W, DI-514, DI-524, DI-624, DI-714P+, DI-774, DI-784, DI-824VUP, DP-311P, DP-311U, DPG-2000W, DP-G310, DP-G321, DSM-320, DVC-1100, DWL-1000AP+, DWL-120, DWL-1700AP, DWL-1750, DWL-2100AP, DWL-2200AP, DWL-7000AP, DWL-7100AP, DWL-800AP+, DWL-810+, DWL-G700AP, DWL-G730AP, DWL-G800AP, DWL-G810, DWL-G820
  • Epigram: (No models specified)
  • Gemtek: WADB-100G, WHAPC-100GE 11G, WHRTC-100GW, WX-1500, WX-1590, WX-1600, WX-1688, WX-2214, WX-2501, WX-5520A, WX-5520G, WX-5525G, WX-5525R, WX-5541, WX-5545, WX-5551, WX-5555, WX-5800, WX-5801, WX-5803
  • Global Sun: CM054RT, WL AP 2454 NM0, WL AP 2454 QA0, WL AP 2454 QA3, WL MU 2454 13I0, WL RT 2454 NM0, WL RT 2554 QA0, WL UD 2454 13I0
  • Hsing Tech: (No models specified)
  • Linksys: BEFW11S4, WAP11, WAP51AB, WAP54G, WAP55AG, WCG200, WET54G, WET54GS5, WGA11B, WGA54G, WMA11B, WMLS11B, WPG12, WPG54G, WPS11, WPS54GU2, WRE54G, WRT54G, WRT54GP2, WRT54GS, WRT55AG, WRV54G, WVC11B, WVC54G
  • Motorola: WR850G
  • Orinoco: AP-2000 Access Point, AP-2500 Access Point, AP-4000 Tri-Mode Access Point, AP-600 Access Point, Orinoco AP-700, Tsunami MP.11, Tsunami QuickBridge 11, Tsunami QuickBridge 20, Tsunami QuickBridge 60
  • Planet Tec: WAP-1963A, WAP-4030, WRT-413, WAP-1963, WAP-1966, WAP-4000, WAP-4050, WAP-5000, WAP-5100, WL-U356, WRT-403, WRT-410
  • RPT Int: (No models specified)
  • Senao: 5GHz/2.4GHz Dual Band Wireless Access Point, Aries2, Dual Band Wireless Access Point, Long Range Wireless Dongle, Long Range Wireless Outdoor Client Bridge, NL-2511AP PRO PLUS, NL2511SR Plus, NL2511SR Plus(A), NL-2611AP3 PLUS, NL-3054CB3 PLUS, Outdoor Wireless Access Point/Router, Outdoor Wireless Bridge, SL2511SR Plus, Wireless 11g Broadband Router, Wireless Multi-Client Bridge/Access Point
  • US Robotics: USR5420, USR5430, USR5450, USR8054
  • Z-Com: XG-1100, XG-2000, XG-3020, XG-580, XG-580Plus, XG-581, XG-582, XI-1450, XI-1500, XI-1510

 

Nos artigos consultados não constam informações dos fabricantes sobre eventuais patches de correção até o momento. Embora o WikiLeaks não tenha disponibilizado os softwares de invasão, o risco é que estas ferramentas já estejam disponíveis para uso de grupos de hackers. Podemos ver em breve outro ataque em escala global, similar ao recente ataque com o Wannacry.

 

Fontes consultadas: WikiLeaks / Latest Hacking News

Imagens: Wikileaks/ ABCTec

Texto: Roberto Henrique – Analista de Seg. da Informação – ABCTec