A recently discovered authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs could be putting hundreds of hotel guests' data at risk.
The flaw could allow an a attacker to distribute malware to guests, monitor and record data sent over the network and possibly gain access to the hotel's reservation and keycard systems, Wired reported. If exploited, attackers could gain direct access to the root file system of the device. At this point, they could write files to the routers or copy configuration and other files from the system.
Cylance researchers found 277 vulnerable devices in 29 countries, although they noted that others could exist. More than 100 devices were located in the U.S. Sixteen were found in the U.K.
Although most InnGate routers were found in hotels, some were located at convention centers, as well.
UPDATE: ANTlabs issued a patch for the vulnerability on Thursday, according to a company blog post. Router owners under a valid support contract can get the patch from the company's online patching store. Those without a valid contract will need to apply the patches manually.
