Wednesday, January 30, 2013

Broadcom UPnP Remote Preauth Root Code Execution Vulnerability


During the security evaluation of Cisco Linksys routers for a client, we have discovered a critical
security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code
under root privileges.
Upon initial vulnerability announcement a few weeks ago Cisco spokesman stated that only one router
model is vulnerable - WRT54GL.
We have continued with our research and found that, in fact, same vulnerable firmware component
is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N.
Could be others.

Moreover, vulnerability turns out even more dangerous, since we have discovered that same vulnerable
firmware component is also used across many other big-brand router manufacturers and many
smaller vendors.

Vulnerability itself is located in Broadcom UPnP stack, which is used by many router manufacturers
that produce or produced routers based on Broadcom chipset.
We have contacted them with vulnerability details and we expect patches soon.
However, we would like to point out that we have sent more than 200 e-mails to various router
manufacturers and various people, without much success.

Some of the manufacturers contacted regarding this vulnerability are:
- Broadcom
- Asus
- Cisco
- TP-Link
- Zyxel
- D-Link
- Netgear
- US Robotics
- and so on.

Full vulnerability description is available here:
http://www.defensecode.com/subcategory/advisories-28

Regards,
Leon Juranic
CEO
Posted by at

44 comments:

  2. We're really sorry. But you'll have to do it by yourself. :)

    ReplyDelete

  4. This comment has been removed by the author.

    ReplyDelete


  8. Certain, it'd be wonderful to gain a sound estimations of Vitapulse , PQQ, and CoQ10 from true blue meals step by step, regardless, the actuality may it have the capacity to be can be altogether hard to totally hold quick to a reliably thin down method that licenses you to get satisfactory of those fragments into the body whilst in like manner keep away from dinners which have unfavorable flourishing proposals.

    Different normal dinners resources of CoQ10, NAC, and PQQ similarly strike get the chance to be higher calorie meals that join higher extents of drenched muscle to fat remainders, that are unfathomably poor for the heart flourishing paying little notice to the give of CoQ10, NAC, and PQQ these dinners offer.

    CoQ10:

    For instance, CoQ10 is routinely present in higher obsessions in meals this kind of as liver, kidney, heart, ground sirloin sandwich, sardines, and mackerel – yet eating up these dinners may trigger other whole deal thriving issues. People who recognize consuming a great deal of veggies on the reliably foundations could get CoQ10 in spinach, broccoli, cauliflower, and vegetables.

    ReplyDelete

  9. packers and movers in pune
    packers and movers in noida
    Packers and movers in delhi@
    http://www.verified5.co.in/packers-and-movers-delhi/
    Packers and movers in gurgaon@
    http://www.verified5.co.in/packers-and-movers-gurgaon/
    Packers and movers in pune@
    http://www.verified5.co.in/packers-and-movers-pune/
    Packers and movers in ghaziabad@
    http://www.verified5.co.in/packers-and-movers-ghaziabad/
    Packers and movers in faridabad@
    http://www.verified5.co.in/packers-and-movers-faridabad/
    Packers and movers in hyderabad@
    http://www.verified5.co.in/packers-and-movers-hyderabad/
    Packers and movers in trivandrum@
    http://www.verified5.co.in/packers-and-movers-trivandrum/
    Packers and movers in noida@
    http://www.verified5.co.in/packers-and-movers-noida/

    ReplyDelete

  10. Packers and movers in delhi@
    http://www.thepackersmoversdelhi.com

    ReplyDelete

  13. packers and movers in india@
    https://quicksoluction.com/
    packers and movers in delhi@
    http://quicksoluction.com/packers-and-movers-in-delhi.html
    packers and movers in mumbai@
    http://quicksoluction.com/packers-and-movers-in-mumbai.html
    packers and movers in pune@
    http://quicksoluction.com/packers-and-movers-in-pune.html
    packers amd movers in gurgaon@
    http://quicksoluction.com/packers-and-movers-in-gurgaon.html

    ReplyDelete

  14. Henna tattoo mehndi designs designs are gaining significant popularity for a lot of reasons. Among their other benefits, these beautiful tattoos also enables you to "test drive" your favorite design before permanently inking arf player it of your body.

    ReplyDelete

  15. Also, using henna z4root apk allows that alter the actual art easily and frequently if you wish to! If you are not absolutely certain about the tattoo you are considering, try it as a henna how to perform wudu tattoo first and provide it a whirl good night messages for girlfriend!

    ReplyDelete

  17. I must say you had done a tremendous job,I appreciate all your efforts.Thanks alot for your writings......Waiting for a new 1...Please visit our wonderful and valuable website:
    Packers And Movers in Bangalore charges
    Packers And Movers in Bangalore to Hyderabad

    ReplyDelete

  18. The primary choice is to realize that sap fiori prior doesn't define you. What is happening has happened. If you got fired, dumped, divorced, bankrupt, injured, sick, or born into a family of whackos, do you know what

    ReplyDelete

  20. Second, give your customers a low. People online shopping apps love free! Giving something free will generate lots of talk regarding company as well as the word regarding company will spread to be a virus.

    ReplyDelete

  21. Packers Movers in Chandigarh
    http://www.fastsoluction.com

    ReplyDelete

  22. really a very nice blog i really appreciate all your efforts thank you so much for sharing this valuble information with all of us.
    Packers And Movers Gurgaon
    Packers And Movers In Gurgaon charges

    ReplyDelete

  23. We Provide Best Packers And Movers Gurgaon List for Get Free Best Quotes, Compare Charges,
    Save Money And Time, Household Shifting Services @ http://packers-and-movers-gurgaon.in/
    Packers And Movers Bangalore to hyderabad

    ReplyDelete

  26. An excellent information provided thanks for all the information
    visit here : Packers And Movers Bangalore to hyderabad

    ReplyDelete

  27. There's a lot of interesting info here! I'm very grateful for the post! movers and packers chennai is here to make your life simpler
    Packers And Movers Bangalore charges

    ReplyDelete

  31. by Melanie Spring Your To-Do List can be unruly if you don't get it organized. If you've finally figured out an order to your list, make sure you. best to do list app

    ReplyDelete

  32. You want top search engine ranking! In pursuit of that, you are making tons of buy backlinks Check this 15 Places to Buy Backlinks.

    ReplyDelete

  33. The common 'teeth falling out' dream can haunt us for days! Read this in-depth guide & learn teeth falling out dream how to interpret and analyze dreams about teeth ...

    ReplyDelete

  34. Packers And Movers Kolkata is recognized as a business manager providing wide-ranging and differentiate service appearance as well as Relocation Shifting, Logistics and Transportation, Facilities managing, strategy & Designing services.Packers and Movers Kolkata

    ReplyDelete

  37. I loved this one. It has given me courage to try scarier things. I tend to steer clear of them but not anymore.Packers And Movers Jaipur

    ReplyDelete

  38. This comment has been removed by the author.

    ReplyDelete

  41. I love this picture! Thanks for posting @SABTVSeries! ... your smile makes me smile. thanks for being a constant light in my life all my love.
    new websites for you

    ReplyDelete

  42. I would like to thank you for sharing a very good article it is very much appreciated, good job!
    visit us

    ReplyDelete

  43. Really a great addition. I have read this marvelous post. Thanks for sharing information about it.
    visit us

    ReplyDelete

  44. visit
    Thanks for sharing nice information with us.

    ReplyDelete

Subscribe to: Post Comments (Atom)