Remote Linksys 0-Day Root Exploit Uncovered

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

Re:WRT54GL

[Synerg1y]

Sure, every network anything has had security issues and will. Imho, remote web management is only useful to a very few select users, to get back home, ssh is the way to go... which you'd set up in web management :)

There was also a vulnerability late last year that revolved around a specific service. The scope is different though, you can turn off a router service inconveniencing yourself till a patch is released... the article didn't provide enough detail on what's affected on the linksys firmware leading me to suspect stock firmware, stock settings... aka the most vulnerable of the vulnerable users group.

Re:Zero day?

[AmiMoJo]

The term "remote" is also a bit misleading, in that it looks like you need to be on the local network already to use this vulnerability. In the video their IP address is 192.168.1.1. Far less serious than being able to get root from the internet or without having to authenticate a wifi connection first. In fact I bet 95% of affected routers have the default web interface password anyway.

The main people who should be worried are people with open access wifi or LAN ports, such as cafes and hotels.

Re:Public Service Announcement

[Anonymous Coward]

Unless you have remote administration enabled, this exploit is only achievable from a system within the local network.

A web browser on the local network opens a malicious webpage. Now, what?

Re:WRT54GL

[clarkn0va]

The WRT54GL is the minority of all routers.

For those who don't know, the L in WRT54GL stands for Linux. This routers was differentiated from the contemporary revision WRT54G only in that it ran the Linux-based firmware. While subsequent revisions of the WRT54G featured less and less capable hardware, the WRT54GL maintained its original configuration of flash and RAM, allowing it to run third party firmwares such as dd-wrt, openwrt, and Tomato.

To the average consumer, the WRT54GL looked exactly like the significantly less expensive WRT54G and its prolific variants, but to the power user and professional, it held much greater potential and warranted the higher price tag. These pros and power users generally have no use for stock firmwares, and are only interested in the open nature of the hardware platform, and are therefore willing to pay the premium (although personally I preferred the more capable and less expensive ASUS WL-520gu. I guess legend status has its privileges).

So yes, it is shocking to those who are familiar with the platform to learn that any significant portion of WRT54GL is running stock firmware in the wild.

Fritz boz

[1s44c]

I highly recommend getting a fritz box. The amount of stuff they can do is really cool.
The model I have is a NAS server, Media server for my blu-ray player, a PBX for cheap SIP calls, an answering machine for SIP or land line calls, a DECT phone base station, A print server for my USB printer, a VDSL modem, and a 4 port gigabit switch. All that in a small low power box.

Also you can update the firmware fairly easily although it does trash all your settings.

No I don't work for them.