There’s a patch for the InnGate Wi-Fi routers, but no guarantee it’s been installed. Corporate travelers should be warned that a Wi-Fi router commonly used in hotels is easily compromised, putting guests passwords at risk and opening up their computers to malware infections and direct attacks.The good news is that there is a patch for the flaw, but there is no guarantee affected hotels will install it right away.+ More on Network World: 10 young security companies to watch in 2015 +Cylance, a security vendor whose research team found the problem, says 277 InnGate routers in 29 countries are affected. The routers are made by ANTLabs. Cylance map of where the vulnerable InnGate routers are located.Cylance researchers wouldn’t say which hotels were using the devices. “Listing those vulnerable devices at this time would be irresponsible and could result in a compromise of those networks,” says the Cylance SPEAR team blog. “Take it from us that this issue affects hotels brands all up and down the spectrum of cost, from places we’ve never heard of to places that cost more per night than most apartments cost to rent for a month.”The vulnerability could also affect the hotels themselves if attackers are able to compromise the router then move to other parts of the hotel network, SPEAR says, potentially affecting reservations and billing. “ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They’re commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you’ve ever used WiFi in a hotel, you’re familiar with these types of devices as they are typically tied to a specific room number for billing purposes,” the blog says.The flaw, called CVE-2015-0932, gives read and write access to the file system of the routers. “Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction,” according to the blog.Once access is gained to the file system, it’s trivial to execute remote code on the machine, it says. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe