Home routers provided by Internet Service Providers (ISPs) and accessed through TR-069 (CWMP) protocol for remote management have been found to be vulnerable, some security researchers say.
At the DefCon hacker convention in Las Vegas last week, Shahar Tal, security researcher at CheckPoint Software Technologies, presented the risks of an attacker compromising the Auto Configuration Servers (ACS) used by ISPs to manage customer devices.
Devices with TR-069 enabled communicate with their oper…