Dangerous remote Linksys 0-day root exploit discovered
Posted on 14 January 2013.
DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers.


They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out the be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable.

Leon Juranic, DefenseCode CEO, comments for Help Net Security: "According to numbers available on the Internet, Cisco Linksys is a very popular router with more than 70,000,000 routers sold. This creates an immense playground for anyone in possession of a 0-day exploit."

The vulnerability itself was discovered during a Cisco Linksys product security evaluation for a client and it took the researchers 12 days to develop a fully working exploit. That includes hardware hacking for router debugging, vulnerability analysis, memory analysis and exploit development.

After the researchers posted their findings online, Cisco finally got in touch again. They are expected to release a fix in time for the full advisory, which should see the light of day in about 10 days.

The video below shows the exploit tested on a Cisco Linksys WRT54GL:



Update: Friday, January 18, 2013.
Although Cisco claims that the vulnerability exists only in their Linksys WRT54GL router, DefenseCode started investigating their claim and from what they can tell so far, at least one other (not just the WRT54GL) Linksys model is probably vulnerable.

Moreover, during the analysis they discovered clues that network devices from other manufacturers might also contain the same vulnerability. They are still investigating.






Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //