Remote Linksys 0-Day Root Exploit Uncovered

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

I'm fine.

[drunkennewfiemidget]

I'm pretty sure my Linksys router doesn't have that vulnerabil -- HA JUST KIDDING, WHO WANTS MY CREDIT CARD NUMBER?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Zero day?

[Anonymous Coward]

What's zero-day about this exploit?
It was found during testing, and there are no exploits in the wild.

As such it fails BOTH tests for being a zero day exploit:
- The company must not know the details of the exploit
- It must be in the wild

Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.

zero day sounds cool man, it's like black ice and cyberspace all over again man...far out... ...peace.... //tech journalist -68

DHS Needs to Make Announcement

[loxfinger]

The Department of Homeland Security needs to tell everyone to uninstall their Linksys routers until this is fixed, a la Java.

Another announcement

[vencs]

says that, Huawei also reported its routers face a similar vulnerability.

---
Protest online. Save the Planet.