
Remote Linksys 0-Day Root Exploit Uncovered

Posted by samzenpus
from the protect-ya-neck dept.
Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."
  • WRT54GL (Score:5, Informative)

    by markdavis (642305) on Monday January 14, 2013 @04:43PM (#42585785)

    Yes, you would think the summary would at LEAST say *WHICH* router it affects, since Linksys has lots of different models. It is the WRT54GL.

    I *love* that router and have probably 30 of them. Low power draw, real antenna, wall mountable, etc. My recommendation- install Toastman Tomato on it. They never crash, freeze, freak out, not work with certain devices, etc. Rock solid stuff.

    Strangely, the WRT54GL is STILL BEING SOLD!

  • WRT54GL? (Score:3, Informative)

    by Anonymous Coward on Monday January 14, 2013 @04:46PM (#42585811)

    Just gotta ask: have they tried it on any OTHER models? Because that's an OLD OLD router that shouldn't even be running cisco/linksys firmware anymore. Tomato, ddwrt, and openwrt all support it, all have support for it and much improved kernel and userspace versions.

    Additionally, though, the number of different ARM processors and SoC arches they're running in their hardware makes me question the odds of a common exploit across all of them, especially since this isn't even a router that supports the new 'Cisco Cloud' configuration garbage.

    Anyway, what do the rest of you think, some wanna-be 'security' company trying to make a name for themselves scaremongering?

  • Re:WRT54GL (Score:5, Informative)

    by Synerg1y (2169962) on Monday January 14, 2013 @04:47PM (#42585825)
    People still run their 54gl's stock???

    Repeat after me: d-d--w-r-t [dd-wrt.com]

    Turns your router into something more like one of those fancy enterprise cisco routers. The 54gl is dd-wrt's 1st platform I believe (too lazy to look it up), so compatibility is bound to be around 100%.
  • Re:Remote? (Score:5, Informative)

    by Amouth (879122) on Monday January 14, 2013 @05:02PM (#42585977)

    that is far more difficult to do than if the exploit works on the WAN side.

  • Re:WRT54GL? (Score:5, Informative)

    by Baloroth (2370816) on Monday January 14, 2013 @05:03PM (#42585987)

    Just gotta ask: have they tried it on any OTHER models? Because that's an OLD OLD router that shouldn't even be running cisco/linksys firmware anymore.

    If by "OLD OLD" you mean "is still produced, sold, and obviously supported, and can be purchased on Newegg right this second with stock firmware" then sure. It's an extremely common router, even among the non-techie crowd, so I wouldn't be surprised if the majority of them are still on stock firmware.

  • by jht (5006) on Monday January 14, 2013 @05:07PM (#42586027) Homepage Journal

    So it's a vulnerability in the WRT54GL (and maybe the related routers) running mainly older firmware - it's a pretty old router model as are its cousins. And from watching the exploit video, it's a local vulnerability - not one you can exercise against the WAN port. So it looks like not such a big deal. After all, 98% of those just have the default password anyways.

    If the more advanced gear (like the RV routers and such) have this issue then I might be concerned. But I don't have enough info yet to worry or not.

  • Re:WRT54GL (Score:5, Informative)

    by VValdo (10446) on Monday January 14, 2013 @05:09PM (#42586057)

    I agree it's bad form not to put the router models in the summary. But from the press release [defensecode.com]...

    Exploit shown in this video [youtube.com] has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

    (emphasis mine)

    Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response [wikipedia.org] to everyone reinstalling dd-wrt and other firmware...

  • by Raystonn (1463901) on Monday January 14, 2013 @05:23PM (#42586207)
    Unless you have remote administration enabled, this exploit is only achievable from a system within the local network. This attack is not an internet threat.
  • Re:WRT54GL (Score:3, Informative)

    by formfeed (703859) on Monday January 14, 2013 @05:48PM (#42586437)

    Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response [wikipedia.org] to everyone reinstalling dd-wrt and other firmware...

    The WRT54GL was in response to the people being unable to run Linux on the newer revisions of the WRT54G, after Linksys "updated" the WRT54G by reducing the memory in the newer models. They basically restored the specs. of the original router and sold it for a premium.

  • by shoor (33382) on Monday January 14, 2013 @07:02PM (#42587173)

    Recent openwrt distros have a problem with the classic wrt54gl in that it doesn't have enough memory. I know because it happened to me. It installs, but when you try to change configuration, it bricks and you need to ground pin 15 to get it to reflash something. From the openwrt site:

    "In a test with OpenWrt 10.03.1-rc6, the OS will install but LuCI will be unable to update settings because there isn't enough flash left free."

    Old enough versions should work, but I'm happy with my tomato install.

  • Re:WRT54GL (Score:5, Informative)

    by Lothsahn (221388) on Tuesday January 15, 2013 @12:55AM (#42588987)
    I love Tomato too--in fact, I use it at my house. However, Tomato was originally based off Stock Linksys, and might also be affected. Until full disclosure occurs, we'll not know for sure.
