New Tunneling Protocol Vulnerabilities Lets Attackers Hijack Over 4 Million Internet Hosts & VPN
Researchers from Top10VPN report to Cyber Security News that they have Uncovered Major Vulnerabilities in Tunneling Protocols .
cybersecuritynews.comHere’s the latest on tunneling protocol vulnerabilities based on recent reporting.
Answer
- There are widespread disclosures in January 2025 about critical flaws in common tunneling protocols (such as IPIP/IP6IP6, GRE/GRE6, and 6in4/4in6) that could allow attackers to hijack VPN servers, home routers, and other internet-facing hosts, potentially enabling anonymous traffic and targeted DoS attacks.[2][3][4]
Key Takeaways
- A large-scale scan found millions of vulnerable hosts, with estimates commonly cited around 4.2 million, spanning VPN servers, consumer routers, and some core network equipment.[3][4]
- Attack techniques discussed include unauthenticated packet forwarding, IP spoofing, and novel DoS methods like Tunneled-Temporal Lensing (TuTL) and Economic Denial of Sustainability (EDoS).[4][2]
- Impact appears geographically broad, with notable concentrations in multiple countries and across various Autonomous Systems, including consumer ISPs, telecoms, and cloud/CDN providers.[3][4]
What you can do now
- Apply available patches or firmware updates from device manufacturers for VPN gateways, routers, and any exposed tunneling agents, and review configurations to enforce authentication and encryption where possible.
- Consider network-level mitigations: restrict unauthenticated tunneling traffic, enable strict ingress/egress filtering, and monitor for unusual tunneling activity or spoofed source addresses.
- If you manage a corporate network, perform an asset inventory to identify devices using tunneling protocols and verify support for secure variants or alternatives where feasible.
Illustrative example
- A home router acting as a VPN endpoint could be abused as an anonymous proxy if tunneling traffic isn’t authenticated, potentially allowing attackers to forward traffic through the device and reach internal resources; owners should ensure firmware is up to date and tunneling services are properly protected.[1][4]
Would you like a concise checklist tailored to Prague-based or Czech networks, with recommended vendors and firmware references? I can also assemble a short, read-friendly summary of the mitigations and the most critical CVEs involved, with links.[2][4]