Remote Linksys 0-Day Root Exploit Uncovered 133
Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."
Zero day? (Score:5, Insightful)
What's zero-day about this exploit?
It was found during testing, and there are no exploits in the wild.
As such it fails BOTH tests for being a zero day exploit:
- The company must not know the details of the exploit
- It must be in the wild
Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.
Re:WRT54GL (Score:5, Insightful)
Anyone running stock on a WRT54GL deserves to be hacked.
That's one of the dumber arguments I've ever seen on Slashdot.
Re:WRT54GL (Score:5, Insightful)
The market for WRT54GL is there because of people buying it to put their own firmware on.
Re:WRT54GL (Score:3, Insightful)
You say DDWRT, I say Tomato.
Re:Zero day? (Score:2, Insightful)
In fact I bet 95% of affected routers have the default web interface password anyway.
Yes, with the user/pass as admin/password or admin/admin! :-0
Re:WRT54GL (Score:5, Insightful)